CIO  DOUGLAS  MERRILL:  THE  I.T.  LEADER  AND  ENTERPRISE  2.0  Page  58 


bus:  mess  process 

MANAGEMENT 

When  to  do  it;  how  to  do  it; 
where  to  find  the  tools. 

Page  65 


HOW  TO  PROTECT 
N  OBILE  DEVICES 

No  more  excuses. 
Your  guide  to  encryption 
best  practices. 

Page  25 


Tal-Mart 
Lost  Its 


by  thomas  wailgum 


» Stalled  RFID  initiative 


»  Declining  profits 
»  Fuzzy  customer  focu  s 

Can  the  world’s  biggest  retailer 


YOUR 

ETITIV 


DULL” 


-CIO  MAGAZINE 


IT  COMPLEXITY  INHIBITS  GROWTH 


But  Dell’s  ready  to  change  everything  with  a  promise  to 
re-invent  information  technology  as  you  know  it.  Simply  put, 
we’ll  cut  the  cost  and  complexity  of  IT  once  and  for  all. 
Learn  more  at  www.dell.com/simplify. 


IN  THE  WORLD  OF  OFFICE  COLOR, 
SPEED  AND  QUALITY  SHOULDN'T  BE  LIMITED. 
EVEN  IF  MY  BUDGET  IS. 


THE  CANON  COLOR  IMAGERUNNER 
PRODUCE.  PERSUADE.  PERFORM.  ON  PAPER. 


.Color 

imageRUNNER® 

www.usa.canon.com  1-800-OK-CANON 


Canon  and  IMAGERUNNER  are  registered  trademarks  of  Canon  Inc.  in  the  United  States  and  may  also  be  registered  trademarks  or  trademarks  in 
other  countries.  IMAGE  ANYWARE  is  a  trademark  of  Canon.  ©  2007  Canon  U  S  A..  Inc.  All  rights  reserved.  Product  shown  with  optional  accessories. 


mageANYWARE 


;;a  >  : 


i: 


Contact  us  to  discuss  designing  and  implementing  the 
right  platform  foryour  changing  business  needs. 


©2007  Interactive  Intelligence  Inc.  All  rights  reserved. 


to  CIOs  who  believe 
business  should  drive 


technology  decisions. 

Not  the  other  way  around. 


Those  who  succeed  in  business 

are  those  who  adapt  to  change. 

We  give  you  an  open  IP  communications 

platform  that  not  only  adapts  to  your  way  of 
business  thinking... 

It  adapts  every  time  market  trends,  customer 
demands  and  organizational  needs  require  it  to. 

A  SIP-architected,  all-in-one  communications 
platform  for  complete  IP-PBX,  contact  center, 
and  enterprise  messaging  functionality. 

One  intelligent,  flexible  solution  that  follows 
your  lead. 

So  take  care  of  business  first. 

We'll  take  care  of  the  rest. 


Interactive  Intelligence- 

Deliberately  Innovative 

We  say  YES!  to  your  business  decisions, 
visit  |  www.inin.com 


■  9  4  m  0m  j 

K  A  'y?* , 

NOVEMBER  1,  2007  I  VOL/21  !  NO/3 


Columns 


30  The  Longest  Interview 

CAREER  STRATEGIST  Four  CIOs  On  how  to 
turn  an  interim  job  into  a  permanent  one. 

By  Martha  Heller 

34  Get  Outside  Your 
Comfort  Zone 

think  tank  To  innovate,  try  learning  from 
the  best,  even  when  that  means  looking 
outside  your  own  field.  By  John  Baldoni 

40  Let  the  Business 
Drive  IT  Strategy 

applied  insight  Some  CIOs  are  better  than 
others  at  executing  an  IT  strategy.  Their  secret: 
a  simple  plan  that  helps  business  leaders  make 
the  right  technology  decisions.  By  Chris  Potts 


4s  How  Wal-Mart  Lost  Its  IT  Mojo 

cover  story  i  customer  focus  Two  decades  ago,  the  world’s 
number-one  retailer  used  IT  to  reinvent  global  supply  chains.  Now 
Web  2.0  technologies  are  forcing  retailers  to  pay  more  attention  to 
customers.  No  longer  an  IT  leader,  Wal-Mart  is  at  a  crossroads. 

By  Thomas  Wailgum 

58  The  Tao  of  Consumer  Tech 


77  No-Boundaries 
Leadership 

strategic  cio  Most  CIOs  leverage  their 
enterprisewide  view  of  business  operations. 
The  CIO  of  Options  Clearing  Corp.  must  cul¬ 
tivate  industrywide  leadership  to  succeed  in  a 
time  of  unprecedented  growth. 

By  John  Von  Stein 


emerging  technology  |  q&a  If  there’s  anyone  out  there  who 
understands  the  impact  of  consumer  technology  on  the  enterprise, 
it’s  gotta  be  Google  CIO  Douglas  Merrill. 

By  Abbie  Lundberg 

6s  Process  Trip 

business  process  management  Why  Maritz  Travel  revamped 
key  business  processes— and  how  business  and  IT  came  together  to 
make  it  work. 

By  Laurianne  McLaughlin 


more  » 


www.cio.com  |  NOVEMBER  1,  2007  5 


men 


Are  CIOs  an  endangered  species? 

By  David  Rosenbaum 


New  Momentum  in  Healthcare  IT? 


10  From  the 
Publisher  Emeritus 

Stop  thinking  outside  the  box. 
It’s  all  just  sourcing  now. 

By  Gary  Beach 

12  Inbox 

Readers  weigh  in  on  innovation 
and  outsourcing,  the  future 
and  extreme  CIOs. 


There’s  been  a  lot  of  action  recently  in  healthcare 
IT,  where  big  players  like  Microsoft  and  Google 
arejoiningthe  usual  suspects.  Go  to  CIO.com  to 
read  about  the  challenges  facing  Microsoft’s  new 
HealthVault  patient  records  service.  Also,  find  out 
about  Mount  Sinai  Medical  Center’s  new  smart 
cards  that  keep  a  patient’s  history  on  an  encrypted 
chipintheirwallet. 


15  Trendlines 

►  Rising  rupee  rocks  all  boats 

►  Who’s  the  host  with  the  most? 

►  Giant  SAP  wants  to  get  small 

(#-  Retail  channels:  The  big  mash-up 

►  Meetings:  Threat  or  menace? 

►  Meet  the  new  boss.. .and  his  buddies 

►  Hot  jobs:  Business  relationship 
manager 

25  Essential  Technology 

Stop  making  excuses.  With  today’s 
mature  tools  and  a  smart  strategy,  CIOs 
can  affordably  (and  wisely)  use  encryption 
to  protect  mobile  devices. 

By  Galen  Gruman 


74  Index 


www.cio.com/article/146801 

www.cio.com/article/146750 


[OUTSOURCING] 

A  DEBATE  ON  INDIA 

Checkoutourduelingfeatures  exploring 
the  conditions  and  arguments  for  (great 
talent  pool,  real  business  value)  and 
against  (rising  costs,  high  turnover)  out- 
sourcingto  India.  Of  course,  yourdecision 
will  depend  on  your  circumstances.  But 
go  to  CIO.com  to  start  your  research  or  to 
reassess  your  existing  position. 

www.cio.com/article/146450 

www.cio.com/article/146451 

[MALWARE  WATCH] 

AGOLDENAGEOF  CRIME 

Goto  CIO.com  for  insight  into  the 
sophisticated  global  service  economy 
that’s  being  created  right  now  by  Internet 
criminalsto  sell,  share  and  distribute 
your  identity  in  orderto  perpetrate  theft 
on  a  scale  that  makes  all  previous  crimi¬ 
nal  enterprises  look  like  small  potatoes. 
www.cio.com/article/135500 


[RECRUITING  TIPS] 


HIRING  MANAGER 
INTERVIEWS 

Go  to  CIO.com  to  learn 
from  the  experiences  of 
top  IT  managers  as  they 
try,  against  all  odds,  to 
hire  and  retain  good  IT 
staff.  See  our  ongoing 
series  at  www.cio.com/ 
article/109702. 


»  Product  Review  Howto  fittheiPhone  to  the  needs  of  IT  executives 
and  business  users 

»  Talent  Show  The  problem  with  "Chindia”  and  outsourcing  exuberance 
»  HowTo  Get  a  grip  on  Ajax  security 
»  News  What  SAP’s  Business  Objects  purchase  means  to  you 


6  NOVEMBER  1,  2007  |  www.cio.com 


Business  Risk 


Technology  Risk 


Internal  Audit 


RISK 

AND  HOW  IT  COULD  BECOME 

YOUR  BIGGEST 

ASSET 


What  is  it  that  all 
Fortune  1000®  firms 
want,  but  little  more 
than  half  of  them  have?  A  high 
degree  of  confidence  that  they 
are  effectively  identifying  and 
managing  potentially  significant 
risks.  As  the  leader  in  Risk 
Consulting,  Protiviti  knows  better  than  anyone  what 
the  nation’s  largest  companies  are  doing— and  failing 
to  do— with  regard  to  their  risks.  In  fact,  based  on  a 
comprehensive  survey  of  senior  executives  at  these 
firms,  we’ve  produced  the  2007  edition  of  our 


annual  U.S.  Risk  Barometer  report. 
It’s  an  authoritative  benchmark  for 
evaluating  your  own  organization’s 
Risk  Management  capabilities— 
capabilities  that  can  improve 
process  performance,  strengthen 
compliance  and  grow  your  company. 
And  if  effective  risk  management 
can  give  you  an  edge  over  almost  50  percent  of  the 
competition,  well,  that’s  what  we  call  a  very  big  asset. 

To  get  a  complimentary  copy  of  the  2007  U.S.  Risk 
Barometer,  which  includes  expanded  information  by 
industry,  visit protiviti.com/riskbarometer 


Know  Risk.  Know  Reward.  ® 


©  2007  Protiviti  Inc.  An  Equal  Opportunity  Employer.  Protiviti  is  not  licensed  or  registered  as  a  public  accounting  firm  and  does  not  issue  opinions  on  financial  statements  or  offer  attestation  services.  0206-9008 


FROM  THE  EDITOR 


The  Enemy  Is  IT 

Are  CIOs  an  endangered  species? 

Paranoia  has  long  been  part  of  the  CIO  job 

description.  Of  course,  to  quote  an  old  saw,  even 
paranoids  have  enemies. 

Today,  the  enemy  is  IT  itself.  More  specifically, 
it’s  the  way  IT  is  changing. 

Not  so  long  ago,  CIOs  designed,  bought,  imple¬ 
mented  and  controlled  IT.  Today,  as  IT  permeates 
every  level  of  the  enterprise,  as  the  IT  sophistica¬ 
tion  of  users  rises,  the  idea  that  any  one  person 
can  control  it  is  becoming  increasingly  untenable. 
And  that’s  bound  to  make  CIOs  more  paranoid  than  ever. 

For  example,  in  a  survey  published  last  month,  more  than  600  U.K.  IT  leaders 
said  their  role  is  becoming  less  strategic;  more  than  half  thought  they’d  be  out  of 
a  job  within  two  years.  The  survey  also  found  that  half  of  their  CFOs  viewed  IT 
as  a  support  function  and  as  such  didn’t  believe  the  CIO  needed  to  occupy  a  seat 
on  the  board. 

Well,  CFOs  have  never  liked  CIOs  (CFOs  don’t  really  like  anyone)  so  let’s  not 
worry  about  them.  Let’s  worry  instead  about  a  recent  survey  by  The  Conference 
Board  of 769  CEOs  worldwide  who  said  that  their  top  challenge  was  getting  “excel¬ 
lence  of  execution”  and  their  third  greatest  concern  was  “keeping  consistent  execu¬ 
tion  of  strategy  by  top  management.” 

So  how’s  your  execution?  It’s  hard  to  execute,  isn’t  it,  when  every  other  employee 
is  downloading  his  or  her  own  apps  off  the  Web.  And  it’s  hard  to  enforce  a  con¬ 
sistent  strategy,  isn’t  it,  when  business  leaders  are  developing  their  own  based  on 
software  as  a  service  offerings  that  beat  your  enterprise  IT  hollow. 

So  what’s  the  answer? 

Well,  everyone  is  still  working  on  that.  In  “Let  the  Business  Drive  IT  Strategy” 
(Page  40),  Chris  Potts,  director  of  an  IT  strategy  consultancy,  suggests  that  “the 
CIO’s  challenge  is  to  capture  and  channel  the  energy  of  individuals’  personal 
strategies  for  exploiting  IT.”  That  is,  be  a  business  facilitator. 

In  “The  Tao  of  Consumer  Tech”  (Page  58),  Google  CIO  Douglas  Merrill  basically 
says  that  CIOs  should  play  to  their  technology  strength,  urging  them  to  have  faith 
in  Moore’s  Law  and  “throw  off  the  shackles  of  today’s  perspective  and  build  the 
world  that  we  want  to  live  in.” 

In  other  words,  the  answer  is  yet  to  be  determined.  But  the  CIO  role  isn’t  going 
away.  The  job  is  just  getting  harder  to  define,  harder  to  do.  So  what  else  is  new? 


David  Rosenbaum,  Editor 

drosenbaum@cio.com 


PHOTO  BY  WEBB  CHAPPELL 


BUSINESS  TECHNOLOGY  LEADERSHIP 


president  and  ceo  Michael  Friedenberg 
publisher  BobMelk 
publisher  emeritus  Gary  J.  Beach 

EDITORIAL 

EDITOR  in  chief 

Abbie  Lundberg 

EDITOR 

David  Rosenbaum 

EXECUTIVE  EDITOR 

Elana  Varon 

TECHNOLOGY  EDITOR 

Laurianne  McLaughlin 

SENIOR  EDITORS 

Stephanie  Gelston,  Kim  Nash, 
Stephanie  Overby 

SENIOR  WRITER 

Thomas  Wailgum 

STAFF  WRITER 

Christopher  Lynch 

ASSOCIATE  STAFF  WRITER 

Katherine  Walsh 

COPY  CHIEF 

Dave  Gradijan 

COPY  EDITOR 

Susan  Bryant- Still 

ASSOCIATE  COPYEDITOR 

Kristin  Burnham 

EDITORIAL  ASSISTANT 

Jarina  D'Auria 

EDITORIAL  ADMINISTRATOR 

Jill  Paquette 

CONTRIBUTORS 

John  Baldoni,  Martha  Heller,  Steve  Kelner, 
Reynold  Lewke,  China  Martens.  James  Niccolai, 
Chris  Potts,  John  Von  Stein 

DESIGN 

EXECUTIVE  DIRECTOR.  ART  AND  DESIGN 

Mary  Lester 

ART  DIRECTORS 

Terri  Haas,  Steve  Traynor 

ONLINE  EDITORIAL 

ONLINE  EDITORIAL  DIRECTOR 

Christopher  Lindquist 

ONLINE  MANAGING  EDITOR 

Michael  Goldberg 

SENIOR  ONLINE  EDITORS 

Meridith  Levinson,  Shawna  McAlearney. 
Esther  Schindler 

ASSOCIATE  ONLINE  EDITOR 

Diann  Daniel 

ONLINE  WRITER  Al  SaCCO 

RESEARCH 

RESEARCH  MANAGER 

Carolyn  Johnson 

SENIOR  RESEARCH  ANALYST 

Seanna  Maguire 


CXOXMEDIA  INC. 


INTERNATIONAL  DATA  GROUP 

board  chairman  Patrick  J.  McGovern 

president,  idg  communications  Bob  Carrigan 

*BPA 

©CXO  Media  Inc. 


who  covers  what  www.cio.com/staff 
e-mail  letters@cio.com  phone  508  872-0080 
fax  508  879-7784  address  CIO  Magazine, 

CXO  Media  Inc.,  492  Old  Connecticut  Path, 

P.0,  Box  9208,  Framingham,  MA  01701-9208 
website  www.cio.com  subscriber  services  866  354-1125 
•  Fax  847  564-9453  •  E-mail  cio@omeda.com 
reprints  and  permissions  •  Reprint  Management  Services 
800  290-5460,  ext.  100  •  E-mail  cio@reprintbuyer.com 


8  NOVEMBER  1,  2007  |  www.cio.com 


1.  Dual-Core  is  a  new  technology  designed  to  improve  performance  of  multithreaded  software  products  and  hardware-aware  multitasking  operating  systems  and  may  require  appropriate 
operating  system  software  for  full  benefit;  check  with  software  provider  to  determine  suitability;  not  all  customers  or  software  applications  will  necessarily  benefit  from  us.e  of  this  technology 
Intel's  numbering  is  not  a  measurement  of  higher  performance.  Intel,  Intel  logo,  Intel  Inside,  Intel  Inside  logo  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation 
or  its  subsidiaries  in  the  United  States  and  other  countries.  L.P.  Microsoft  and  Windows  are  registered  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries. 
©2007  Hewlett-Packard  Development  Company,  L.P.  The  information  contained  herein  is  subject  to  change  without  notice.  'l-'Q. 


Xeon 


inside 


■ 


Dual-core. 
Do  more. 


- 


Alternative  Thinking  About  Storage: 


STORAGE  UTOPIA 

IS  NOT  A  MYTH. 

Imagineastorageenvironmentthat'ssimple,  straightforward 
and  virtually  effortless.  The  HP  StorageWorks  1 200  All-in-One 
Storage  System  lets  you  manage  your  ever-growing  data 
using  a  simple  Windows®  application,  in  a  language  you 
already  know.  Call  it  utopia,  nirvana,  or  just  plain  easy. 


Technology  for  better  business  outcomes. 


Powered  by  the  Dual-Core  Intel®  Xeon Processor1 


Experience  a  utopian  world  of  storage.  Visit  hp.com/go/storageutopia6 

1-800-888-0306 


FROM  THE  PUBLISHER  EMERITUS 


BUSINESS  TECHNOLOGY  LEADERSHIP 


; 

; 


president  and  ceo  Michael  Friedenberg 
publisher  BobMelk 
publisher  emeritus  Gary  J.  Beach 


No  More 
Outsourcing 

Stop  thinking  outside  the  box.  It’s  all  just  sourcing  now. 

Last  month  I  met  with  scores  of  CIOs  and 
senior  technology  executives  in  a  series  of  execu¬ 
tive  roundtable  discussions.  The  topic  of  those 
discussions  was  how  to  manage  and  measure 
outsourcing  operations. 

My  biggest  takeaway  from  these  conversations 
was  this:  It’s  time  to  take  the  out  out  of  outsourc¬ 
ing.  Let’s  call  it  what  it  is:  sourcing. 

Outsourcing  suggests  a  practice  and  a  relation¬ 
ship  that’s  external  to  a  company,  its  culture,  its 
business  processes,  its  employees.  Using  the  term  indicates  that  in  the  company’s 
collective  consciousness  there’s  some  imaginary  line  being  drawn.  On  one  side  of 
the  line,  it’s  us  and  on  the  other,  it’s  them. 

But  the  executives  I  met  with— executives  representing  businesses  that  were 
managing  their  sourcing  relationships  successfully— saw  their  business  and  the 
sourcing  company’s  business  as  one,  as  an  organic  whole. 

The  most  difficult  aspect  of  managing  the  sourcing  relationship  is  what  some 
of  these  executives  called  “soft  metrics”:  the  human  side  of  handling  expectations 
with  line-of-business  managers  and  the  sourcing  firm.  The  hard  metrics— such 
as  cost,  quality  of  work,  delivery  time— were,  at  least  in  contrast,  relatively  easy 
to  manage  and  measure.  These  experts  strongly  recommended  that  metrics  both 
hard  and  soft  be  reviewed  at  least  quarterly. 

Tom  Friedman  almost  got  it  right.  But  the  world  isn’t  exactly  flat;  it’s  globally 
integrated  by  IT  departments  in  which  (according  to  Gartner)  91  cents  out  of  every 
budgeted  dollar  goes  to  supporting  and  maintaining  that  infrastructure  and  the 
rest,  those  paltry  9  cents,  goes  to  new  initiatives.  That’s  not  a  great  split  at  a  time 
when  CEOs  are  calling  for  their  CIOs  to  deliver  growth  and  innovation. 

Sourcing  solutions,  particularly  ones  by  which  CIOs  improve  their  manage¬ 
ment  of  those  soft  metrics,  can  free  up  dollars  for  those  new  initiatives  and  help 
CIOs  provide  what  their  enterprises  need  and  their  CEOs  want. 

Here’s  an  idea:  Why  doesn’t  the  global  CIO  community  collectively  log  on  to 
Wikipedia  and  take  the  out  out  of  outsourcing. 

It  could  become  the  in  thing  to  do. 


Gary  Beach,  Publisher  Emeritus 

gbeach@cio.com 

PHOTO  BY  WEBB  CHAPPELL 


CXO  MEDIA  INC 

CIRCULATION 

svp,  circulation  Carol  A.  Spach 
subscription  svcs.  supervisor  Tina  Pescaro 

CIO  EXECUTIVE  COUNCIL 
general  manager  Mark  Hall 

MANAGING  DIRECTOR.  PROGRAM  SERVICES  Shaw  Lively 

vp,  development  Dexter  Siglin 
vp,  executive  development  Stefanie  Egan 
managing  dir.,  content  development  Richard  Pastore 
mgr.,  group  services  and  research  Michael  Swenson 
marketing  communications  manager  Jennifer  Baker 
senior  architect  Lawrence  Coffin 
director  of  development  Steve  Rovniak 
group  manager,  member  services  Carrie  Mathews 
senior  manger,  group  services  Ellen  Friedman 
program  services  managers  Joyce  Dunnells. 
Michael  Fahlsing,  Bill  Roche.  Janet  Williams 
program  specialists  Lisa  Desmarais,  Susan  Hupp 
content  development  specialist  Diane  Frank 

DEVELOPMENT  MANAGERS  Bob  Diack, 

John  Harrison,  Michael  Herrera.  Kathy  Mayer 

development  associate  Kristin  Bradshaw 
sales  associate  Jennifer  Finn 

EXECUTIVE  PROGRAMS 
vp,  executive  programs  Ellen  Daly 
dir.,  event  marketing  Mary  Conroy 
dir.,  event  operations  Deb  Begreen 
senior  conference  producer  Judith  Kittredge 
NATIONAL  SALES  MANAGER  Curtis  Chiu 
event  planner  Sarah  Reagan 
event  coordinator  Bethany  Whiffin 
client  services  specialist  Cress  O'Brien 
client  relations  associate  Erica  Foster 
sales  associate  Nicole  Blackburn 

INFORMATION  SYSTEMS 
idg  dir.  of  information  services  Nancy  Newkirk 
i.t.  manager  Sean  McCracken 

SENIOR  USER  SUPPORT  SPECIALISTS 

Christopher  A.  Kay.  Thomas  Lupien 

user  services  specialist  Gloria  Lam 
associate  user  support  specialist  James  Brevard 
senior  web  developer  David  Cohen 
web  developer  Sanghee  Seo 

PRODUCTION 
VP,  MANUFACTURING  Chris  CuOCO 
production  manager  Heidi  Broadley 
associate  production  manager  Lisa  M.  Stevenson 

MARKETING 

SR.  DIRECTOR,  MARKETING  COMM.  Sue  YanOVitch 

sr.  marketing  comm,  specialist  Susan  Murray 
marketing  and  pr  specialist  Lynn  Holmlund 

RESEARCH 

research  manager  Carolyn  Johnson 
senior  research  analyst  Seanna  Maguire 

ADMINISTRATION 

coo  Matt  Smith 

SENIOR  FINANCIAL  ANALYST.  ONLINE  AND 

integrated  products  Chris  Bernardi 
accounting  specialist  Amy  Small 

EXECUTIVE  ASSISTANT  TO  THE  PRESIDENT  Diane  Martin 

facilities  specialist  John  Kelley 
office  services  coordinator  Mary  E.  Wooldridge 

HUMAN  RESOURCES 
vp,  human  resources  Patricia  Chisholm 
hr  representative  Pauline  Boyle 


MEDIA  INC. 

INTERNATIONAL  DATA  GROUP 

board  chairman  Patrick  J.  McGovern 

president,  idg  communications  Bob  Carrigan 

*BPA 


10 


NOVEMBER  1,  2007  |  www.cio.com 


Staffing  Services 
Team  Services 
Component  Services 
Workforce  Management  Services 


...which  is  why  we  are  committed  to  bringing  you  innovation, 
expertise,  and  the  nation's  best  talent. 

TEKsystems®  is  proud  to  have  earned  a  reputation  for  offering 
unparalleled  technology  expertise.  In  fact,  as  a  leading 
technology  services  company,  our  commitment  to  creating 
and  upholding  the  highest  standards  is  only  exceeded  by 
our  passion  to  satisfy  customers  through  superior  service. 

Deploying  expertise  with  the  right  skills  and  methodology 
to  manage  complex  technology  implementations  is  our 
primary  goal.  We  constantly  challenge  ourselves  to  build 
upon  our  robust  portfolio  of  services,  and  deliver  top-tier  talent 
capable  of  implementing  virtually  any  form  of  technology. 

Visit  us  at  www.teksystems.com  for  more  information, 
or  call  888-835-7978  to  arrange  to  meet  with  an  account 
manager. 

people  you  can  trust  results  you  can  count  on 

systems 


TEKsystems,  Inc.  is  an  Allegis  Group,  Inc.  company.  Copyright  ©  2007  All  rights  reserved. 


READER  FEEDBACK 


SCHRAGE: 


lot«SMlP 


technology 


relationships,^? 

and  more.  Here  s 

6,STtf.BAN.e.O«EBBY 


f 


Innovation  and 
Outsourcing 

I  won't  rehash  all  the  postings  I’ve  made 
to  Stephanie  Overby’s  great  series  of  “out¬ 
sourcing  reality  check”  articles  of  the  past 
two  months  and  her  Oct.  15  story  [“What 
Does  It  Take  to  Get  IT  Outsourcers  to 
Innovate,”  www.cio.com/article/144400] . 
The  bottom  line  is  this:  You  can  outsource 
to  reduce  your  utility  running  costs; 
you  can’t  outsource  innovation.  Period. 
QED. 

MICHAEL  GENTLE 


Outsourcing  is  somewhat  akin  to  the 
arranged  marriages  of  yore.  You  first 
marry  the  person  and  love  develops  even- 
tually  (hopefully).  Measuring  innovation 
is  like  measuring  love.  Not  very  easy. 

Expecting  a  vendor  to  possess  intimate 
knowledge  of  your  business  and  bring  in 
relevant  innovation  from  day  one  is  an 
extremely  tall  order.  If  a  vendor  promises 
this,  chances  are,  it’s  just  a  sales  spiel. 

With  standard  IT  outsourcing,  the 
possibilities  initially  are  limited.  In  my 
opinion,  contracts  must  start  with  com¬ 
modity/utility  type  services  with  a  goal 
to  simply  reduce  cost  and  improve  qual-  j 
ity.  The  contracts  must  be  tied  around 


measurable  SLAs.  However,  once  the 
vendor  is  somewhat  entrenched  and  has, 
at  minimum,  a  ringside  view  of  the  busi¬ 
ness,  they  should  be  allowed  to  seek  out 
increased  business,  based  on  innovative 
ideas. 

“We  notice  that  you  are  struggling  with 
ramping  up  capacity  before  the  holiday 
season.  We  may  have  an  idea...” 

As  the  relationship  matures,  the  ven¬ 
dor’s  ideas  for  innovation  will  be  more 
and  more  on  target.  To  enable  that,  one 
must  build  an  expedited  route  for  the 
vendor  to  win  this  additional  business  to 
ensure  that  normal  contractual  red-tape 
does  not  come  in  the  way  of  innovation. 
NANJI  CHANDRA 

The  Future 

Most  of  the  ideas  in  your  Oct.  1  Anni¬ 
versary  Issue  story  [“2007-2027:  The 
Shapes  of  Things  to  Come,”  www.cio 
.com/article/140651]  just  extrapolate  cur¬ 
rent  trends  and  ignore  disruptive  tech¬ 
nologies.  But  the  one  trend  that’s  sure  to 
continue  is  migration  of  IT  from  corpo¬ 
rate  premises  to  the  social  environment. 
Ubiquity  in  the  environment  means  it  will 
be  invisible— something  that’s  taken  for 
granted. 

James  Joyce  said  that  “the  environ¬ 
ment,  when  invisible,  is  invincible.”  He 
was  inspired  by  Thomas  Carlyle’s  Sar¬ 
tor  Resartu  s,  which  posits  that  people  are 
shaped  by  their  clothes  and  because  you 
don’t  really  notice  your  clothes  (except 
while  dressing,  perhaps),  your  clothes  are 
invisible  to  you  and  therefore  their  power 
over  you  is  invincible.  Dress  formally  and 
your  manners  will  match.  Dress  casually 
and  you’ll  be  laid-back  all  day.  Dress  like 
a  cop  and  you’ll  act  like  a  cop. 

That’s  the  real  meaning  of  Larry  Niven’s 
prediction  about  machines  taking  over. 


People  will  act  to  comport  with  the  way 
machines  act,  instead  of  machines  acting 
to  comport  with  the  way  people  act. 
PATRICK  MURPHY 

Extreme  CIOs 

The  CIO  job  [“The  Extreme  CIO,”  www 
.cio.com/article/13255l]  requires  an  enor¬ 
mous  amount  of  hard  work.  There  are  CIO 
jobs  that  can  be  done  in  a  40-hour  week, 
but  long  hard  hours  are  required  if  you 
want  to  run  up  to  the  top  of  a  significant 
sized  organization  that  is  growing,  fast 
paced  and  pays  well.  Fact:  Those  CIOs  are 
going  to  work  harder  than  most. 

JAMES  MENARDY 

Divide  and  Conquer 

I  enjoyed  the  article  describing  how  IT 
departments  are  dividing  themselves  into 
supply-and-demand  entities  [“Why  IT 
Executives  Split  Staffs,”  www.cio.com/ 
article/121150].  We  are  five  years  into  this 
and  have  found  it  to  be  both  a  natural  and 
effective  partition.  We  use  a  different  set 
of  terms:  stabilize  and  de-stabilize.  The 
demand  side  of  IT  generally  plays  a  de¬ 
stabilizing  role,  introducing  changes  and 
moving  everyone’s  cheese.  IT  supply  per¬ 
sonnel  take  the  changes  introduced  by 
their  colleagues,  streamlining  processes 
and  making  things  work  systematically 
and  efficiently.  Thanks  for  highlighting 
this  significant  shift  in  the  IT  world! 
RICHARD  VOGT 
Chief  Information  Officer 
Sedgwick  County,  Kan. 


What  Do  You  Think? 


You  can  post  your  thoughts,  comments, 
insights  and  opinions  on  CIO  stories  at 
www.cio.com.  Your  posts  may  be  edited  for 
length  or  clarity. 

cio.com 


12  NOVEMBER  1,  2007  |  www.cio.com 


PATACSHTG&  ©houu?  never  b& 


YOUR 


H§H I 


If  your  datacenter  temperature  has  got  you  hot  under  the  collar,  we  can  help.  We're  Digital  Realty  Trust,  the  largest  owner  and  operator  of  datacenters  in 
the  industry.  Since  we've  purchased  and  developed  over  $2  billion  in  datacenter  assets,  we  know  a  thing  or  two  about  delivering  facilities  with  efficient  cooling 
architectures.  To  learn  more,  download  our  whitepaper,  "Cooling  Your  Datacenter"  at  www.digitalrealtytrust.com/hothead 


Digital  RealtyTrust 


Samsung  Solid  State  Drive 

A  new-generation  Flash  drive  available 
in  notebooks  from  leading  OEMs. 


solid  state  reliability 

Introducing  the  new  Samsung  Flash  Solid  State  Drive  (SSD). 

No  moving  parts,  except  some  hardworking  electrons.  A  mean  time 
between  failures  (MTBF)  six  times  longer  than  a  hard  drive.  Virtually 
unlimited  shock  resistance.  And  power  use  that  extends  battery  life 
up  to  20%.  With  a  Samsung  SSD  inside  your  notebook,  your  data  is 
always  there  when  you  need  it. 

www.samsungssd.com 


endurance  (MTBF1)  >  over  2  million  hours 


shock  resistance 

>  1500G  /0.5ms 

read  speed 

>  100MB  /  sec 

write  speed 

>  80MB /Sec 

active  power  consumption  <  0.5W 

system  boot  speed2 

<  24  sec 

operating  temperature 

L _ 

-25C  ~  85C 

_ • _ i _ J 

’Mean  Time  between  Failure 

W  NX9420,  XP  Pro,  Core  Duo  Processor  2.0Ghz,  512MB  RAM,  ICH  7,  i945  Chipset 
©  2007  Samsung.  All  rights  reserved. 


trend 


EDITED  BY  LAURIANNE  McLAUGHLIN  NEW  *  HOT  *  UNEXPECTED 


Rising  Rupee 
Rocks  All  Boats 

outsourcing  The  rise  of  the  Indian  rupee,  while  a 
sign  of  the  increasing  strength  of  India’s  economy,  is  bad 
news  for  Indian  outsourcing  providers  and  their  custom¬ 
ers.  So  far  this  year,  rupee  appreciation  has  eroded  about 
11  percent  of  the  dollar’s  purchasing  power  in  India, 
affecting  Indian  IT  services  providers  who  make  an 
average  of  two-thirds  of  their  revenue  in  U.S.  dollars 
but  incur  more  than  half  their  costs  in  rupees. 

The  inflow  of  dollars  to  India  is  at  an  all-time  high, 
creating  a  surplus,  says  Sumeet  Salwan,  director  of  sup 
plier  relations  for  offshore  outsourcing  adviser  neoIT.  As 
of  Oct.  1, 2007,  one  dollar  was  worth  only  39.65  rupees. 

A  year  earlier,  it  was  worth  45.79  rupees.  This  is  part  of 
a  larger  trend  of  dollar  weakness  around  the  globe. 

The  rising  rupee  is  hitting  midsize  Indian  provid¬ 
ers,  like  Syntel,  Polaris,  Mastek  and  iGate,  the  hardest 
because  their  margins  are  much  slimmer  than  those  of 
the  bigger  Indian  outsourcers,  say  analysts. 


Some  vendors  are  coping  by  charging  non-U.S. 
customers  in  their  local  currencies  rather  than  in  U.S. 
dollars  for  the  first  time.  IGate,  for  example,  is  billing 
Japanese  customers  in  yen  and  Swiss  customers  in 
Swiss  francs.  Continued  on  Page  16 


iifiiiiiiiiiiiimiiiiiiiiimmtimiimimiimiiimimmmiiiimmimiimiimimmmmmmimmmimiimim 


Who's 


mmimm 


saas  Everyone  is  going  after 
Microsoft  Office  these  days. 

IBM  recently  has  spun  out  a  free, 
standalone  suite  of  productivity 
software  included  in  the  latest  ver¬ 
sion  of  Lotus  Notes. 

At  about  the  same  time,  Google 
announced  plans  to  add  a  presenta¬ 
tion  application  to  Google  Docs, 
its  hosted,  software-as-a-service 
(SaaS)  suite  of  collaboration  and 
communications  tools. 

In  addition  to  Symphony,  IBM 
also  unveiled  Lotus  Notes  as  a 
hosted  service  meant  for  the  small- 
to  medium-size  business  market. 


Rebecca  Wettemann,  an  analyst 
with  Nucleus  Research,  estimates 
that  Google  Docs’  presentation 
application  has  about  60  percent  of 
the  features  in  Microsoft's  Power¬ 
Point.  Unlike  PowerPoint,  however, 
Google’s  suite  is  hosted;  Microsoft’s 
PowerPoint  is  packaged  software 
designed  to  be  installed  on  the 
user’s  computer. 

Microsoft,  meanwhile,  is 
responding  to  the  demand  for  Web- 
based  apps  by  expanding  its  Web- 
based  offerings.  In  late  September, 
Microsoft  announced  Office  Live 
Workspace,  now  in  beta  testing  and 


open  to  anyone  who  registers.  This 
lets  users  save  more  than  1,000 
Office  documents  to  one  place  and 
access  them  through  the  Web.  It 
also  allows  them  to  share  them  with 
others  in  a  password-protected, 
invitation-only  online  workspace. 

If  users  want  to  edit  their  docu¬ 
ments,  they  will  have  to  open  them 
using  an  installed  copy  of  Microsoft 
Office.  Other  people  who  don’t  have 
a  desktop  version  of  Office  can  still 
view  and  comment  on  other  peo¬ 
ple’s  documents  through  a  browser. 

-Compiled  from  IDG  News 
Service  reports 


PHOTO  BY  NILESH  BHANGE 


www.cio.com  |  NOVEMBER  1,  2007  15 


tflt 

u 

SB 

M 

J 

Q 

Z 

u 
a i 

H 


Giant  SAP  Wants 
to  Get  Small 


e  r  p  After  blanketing  the  Fortune  1000  with  its  ERP  software,  SAP  is 
looking  for  new  worlds  to  conquer.. .and  believes  it’s  found  one  in  the 
small-  to  mid-market  businesses  that  long  have  shied  away  from  ERP 
due  to  its  cost  and  complexity. 

SAP  has  christened  its  new  suite  of  hosted  ERP  software  for  the 
SMB  SAP  Business  ByDesign  and  says  the  software  will  be  available 
initially  in  the  U.S.  and  Germany,  with  the  U.K.,  France  and  China  to  fol¬ 
low  soon  after. 

SAP  CEO  Henning  Kagermann  presented  the  first  demonstration  of 
Business  ByDesign  in  New  York  last  September,  modestly  calling  it  "the 
most  important  announcement  I  have  made  in  my  career." 

According  to  Kagermann,  SAP  Business  ByDesign  aims  to  offer  the 
whole  range  of  ERP  capabilities— from  manufacturing  to  accounting  to 
marketingto  HR— in  a  service  affordable  and  simple  enough  for  use  by 
businesses  with  100  to  500  employees. 

Analysts  say  SAP’s  challenge  will  be  to  offer  a  product  that’s  easy  for 
companies  to  configure  but  also  meets  their  individual  needs. 

Businesses’  two  main  concerns  about  hosted  services,  especially 
ERP,  have  been  security  of  data  and  reliability  of  service,  says  Bo  Lyk- 
kegaard,  a  research  manager  with  IDC  (a  sister  company  of  CIO).  But 
those  concerns  are  lessening,  he  says,  and  hosted  services  for  CRM 
and  HR  will  soon  be  mainstream. 

By  the  way,  SAP  will  not  offer  a  way  for  customers  to  migrate  from 
its  software  to  Business  ByDesign,  saying  the  service  is  “not  intended 
to  replace  any  other  SAP  solution.”  -James  Niccolai 


The  BIG  Mash-Up 


*e' 


1 


RETAILING 

What  channel  do  your 
customers  use  when 
they  go  shopping? 

All  of  them.  Even 
that  old-fashioned 
paper  catalog. 

So  what  channel 
should  all  you  supply 
chain,  operations 
and  marketing  gurus 
focus  on? 

Uh-uh.  No  focusing 
allowed  in  today’s 
channel-agnostic, 
mashed-up  world. 

SOURCE:  Forrester  Research, 

“The  State  of  Retailing  Online  2007" 


16  NOVEMBER  1,  2007  |  www.cio.com 


x**  ***  •  •'  _ 


& 


V^e  ^ 


Rockin’  Rupee 


Continued  from  Page  15 

Indian  vendors  and  global  sup¬ 
pliers  with  Indian  subsidiaries  ulti¬ 
mately  will  pass  on  their  increased 
costs  to  their  customers.  “Every  CIO 
will  see  the  effects,”  Salwan  says. 

Some  things  for  American  IT  out¬ 
sourcing  customers  to  watch  out  for 
include: 

■  Increases  in  billable  hours. 

Vendors  may  bill  for  hours  worked 
that  were  previously  ignored  (includ¬ 
ing  overtime  and  vacation  time), 
especially  where  contract  terms  are 
ambiguous. 

■  Slower  response  times  and 
less  interest  in  R&D  projects. 

Efforts  to  increase  employee  utiliza¬ 
tion  rates  may  lead  to  a  smaller  bench 
of  developers,  project  managers  and 
others,  affecting  response  times  and 
reducing  R&D  efforts,  says  Salwan. 

■  Personnel  changes.  Providers 
may  try  to  dilute  skill  level  and  qual¬ 
ity  to  cut  costs  on  projects,  advises 
Forrester’s  Sudin  Apte.  Vendors  may 
try  to  increase  the  ratio  of  junior  staff 
to  senior  staff. 

■  Bill  collection.  Suppliers  may 
seek  to  enforce  30-day  payment 
terms. 

■  Early  renegotiation.  Some 
Indian  companies  may  push  for  rene¬ 
gotiation  on  projects  where  the  client 
seeks  to  change  scope  or  specifica¬ 
tions. 

■  Unsolicited  proposals.  Vendors 
may  try  to  drive  revenue  by  pushing 
new  projects. 

If  nothing  else,  managing  the  risks 
of  the  rising  rupee  will  be  good  prac¬ 
tice  for  IT  leaders  offshoring  work. 
The  Chinese  yuan  has  appreciated 
nearly  3  percent  against  the  dollar 
this  year,  the  euro  hit  a  record  high 
at  the  end  of  September  and  the 
Canadian  dollar  recently  topped  the 
American  greenback  in  value. 

-Stephanie  Overby 


PHOTO  BY  OLIVIER  BLONDEAU 


Discover  SUSE®  Linux  Enterprise  Server  10  from  Novell®.  Infrastructure  for  innovation™ 

It’s  the  infrastructure  you  need  to  harness  the  innovation  you’re  losing  managing  server  sprawl.  With  built-in 
virtualization,  advanced  clustering  capabilities  and  more  enterprise  applications,  all  fully  secure  and  fully 
supported,  SUSE  Linux  Enterprise  Server  10  makes  consolidating  servers  easy  and  affordable.  So  you  can 
fill  fewer  servers  with  more  performance.  Just  one  more  piece  of  the  Open  Enterprise:  all  the  infrastructure 
it  takes  to  innovate. 


Innovate  today  at  www.novell.com/linux 


Novell, 

This  Is  Your  Open  Enterprise.'" 


Copyright  ©2006  Novell,  Inc.  All  rights  reserved.  Novell,  the  Novell  logo,  and  SUSE  are  registered  trademarks  and  This  Is  Your  Open  Enterprise  and  Infrastructure  tor  innovation  are  trademarks  of  Novell, 
Inc.  in  the  United  States  and  other  countries.  *Linux  is  a  registered  trademark  of  Linus  Torvalds.  All  third-party  trademarks  are  the  property  ot  their  respective  owners. 


TRE  NDUNES 


a  1 1 1 1 1 1 1 1 1 1 1 


1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1  i  1 1 1 1 1 1 1 1 1 1 1 1 1  i  1 1 1  f  1 1 1 1 1 1 E 1 1 1 1 1 1 1 1 i III  1 1 1 1 1 1 1 i 1 1 1 1 1 1 i 1 1 1 1 1 1 1 1 i lil 1 1 1 1 1 1 1 { 1 1 1 1 1 1 1 1  i 1 1 1 1 1 1 1 1 1 1 1 1 1 1  III  1 1 

Meetings:  Threat  or  Menace? 


working  There’s  nothing  like 
the  announcement  of  another  meet¬ 
ing  to  fill  your  employees  with  dread. 
Meetings  are  often  seen  as  pointless 
time  wasters.  And  too  many  are. 

"The  main  thing  people  hate 
about  meetings  is  that  they’re  poorly 
run  or  don’t  accomplish  anything,” 
says  Glenn  Parker,  team-building 
consultant  and  author  of  Meeting 
Excellence:  33  Tools  to  Lead  Meet¬ 
ings  That  Get  Results. 

Goal-oriented  employees  are 
especially  turned  off,  according  to 
Steven  G.  Rogelberg,  professor  of 
industrial  and  organizational  psy¬ 
chology  at  the  University  of  North 
Carolina,  Charlotte.  He  found  in  a 
2005  study  that  the  job  satisfaction 
of  driven  employees  decreases  as 


the  number  of  meetings  they  attend 
increases.  (Employees  who  are  not 
so  driven  actually  liked  meetings, 
presumably  because  they  were  seen 
as  a  chance  to  be  social.) 

So  how  do  you  make  sure  your 
meetings  are  not  killing  morale? 
Here  are  five  tips. 

1.  Schedule  only  when 
necessary.  The  purpose  of  a 
meeting  is  to  make  a  decision, 
says  Parker.  No  decision  needed, 
no  meeting.  And  include  only  the 
people  whose  input  is  required. 

2.  Reduce  frequency.  A  lot  of 
meetings  are  just  updates,  progress 
reports  and  announcements,  says 
Parker.  That  information  could  be 
communicated  electronically. 

3.  Create  an  agenda.  A  clear 


purpose  (and  time  limit)  for  your 
meeting  is  crucial,  says  Parker. 
Review  the  objective  at  the  start. 

4.  Recap.  When  the  time  limit 
has  been  reached,  close  the  meet¬ 
ing.  Summarize  the  accomplish¬ 
ments,  decisions  and  next  steps. 
“You  don’t  want  people  going  out 
with  a  different  understanding  of 
what’s  been  decided,”  says  Parker. 

5.  Do  the  minutes.  Send  out 
a  draft  and  ask  for  input.  Final  ver¬ 
sions  should  be  sent  once  input  has 
been  incorporated.  Sooner  rather 
than  later  is  always  better. 

With  their  powerful  impact  on 
employee  morale  and  their  cost  in 
work  time  lost,  streamlining  and 
improving  meetings  deserves  your 
attention.  -Diann  Daniel 


Meet  the  New  Boss. .  .and  His  Buddies 


Jim  Keyes 


ON  THE  MOVE  In 

September,  Blockbuster 
CEO  Jim  Keyes  hired  two 
executives  who  worked  for 
him  when  he  was  CEO  of 
7-Eleven:  Keith  Morrow,  as 
Blockbuster’s  new  CIO,  and 
David  Podeschi,  as  the  Dal¬ 
las-based  DVD  rental  chain’s 
senior  VP  of  merchandising, 
distribution  and  logistics. 

CEOs  often  hire  executives  who’ve 
worked  for  them  in  the  past  because 
that  enables  them  to  roll  out  their 
new  business  initiatives  more  quickly, 
according  to  Sam  Gordon,  director  of 
Harvey  Nash  Executive  Search’s  CIO 
practice.  "Having  tried-and-tested  peo¬ 
ple  they’ve  worked  with  before  could  be 


very  healthy  because  they 
understand  each  other’s 
personal  dynamics,"  he 
says.  The  downside,  of 
course,  is  the  troubling  whiff 
of  cronyism  that  can  make 
establishing  relationships 
with  existing  staff  harder  for 
the  new  executives. 

“Normally,  when  a  new 
executive  joins  an  organization,  they 
spend  their  first  few  months  establish¬ 
ing  relationships  and  getting  the  lay 
of  the  land,”  says  Gordon.  "Executives 
brought  in  by  others  may  feel  they  don’t 
need  to  invest  as  much  time  doing 
that  because  they’ve  already  got  the 
backing  of  the  top  person.”  In  fact,  says 
Gordon,  to  be  successful  in  such  a  situ¬ 


ation,  CIOs  have  to  work  even  harder  to 
earn  the  trust  of  existing  executives  and 
staff  because  they  have  to  work  against 
a  preconception.  They  can’t  take  for 
granted  the  support  they  have  from  the 
CEO.  Nor  can  they  be  as  heavy-handed 
or  hard-nosed  as  they  want.  They 
need  to  be  mindful  of  the  political  and 
organizational  culture  in  which  they’re 
working.  They  also  need  to  realize  that 
existing  staff  may  be  reluctant  to  open 
up  to  them  because  they  know  the  new 
CIO  has  a  direct  line  to  the  CEO. 

"They  have  to  spend  more  time 
developing  relationships,”  says  Gor¬ 
don.  "In  some  ways,  they  have  to  prove 
themselves  more  to  people  internally 
than  they  do  to  their  boss.” 

-Meridith  Levinson 


18  NOVEMBER  1,  2007  |  www.cio.com 


CONVERGENCE 

CHAOS: 

WHAT'S 

YOUR 

UPSIDE? 


Video  games  are  selling  ad  space;  production  studios  are 
releasing  content  via  broadband  providers;  P2P  networks  are 
disrupting  top-down  distribution.  Across  the  board,  technology 
and  media  are  rapidly  merging,  altering  revenue  models  along 
the  way.  Marsh's  Communications,  Media  &  Technology  Practice 
offers  a  holistic  view  of  the  critical  operational  and  financial  risks 
facing  companies,  and  helps  them  find  opportunities  in  the 
new-media  space.  The  upside?  A  business  model  positioned  for 
future  growth.  To  learn  more,  visit  findtheupside.com/cmt 

FIND  THE  UPSIDE  MARSH 

B  MARSH  MCRCEft  KROU 

GUY  CARPENTER  OUyER  WYMAN 


TRENDLINES 


For  more  HOT  JOBS  go  to 
www.cio.com/article/101314 


BY  CHINA  MARTENS 


mmsmn 


Business  Relationship  Manager 

job  description:  A  business  relationship  manager  liaises  between 
the  business  and  IT.  But  “liaison  doesn’t  do  justice  to  the  position,” 
says  Bob  Keefe,  VP  and  CIO  for  Mueller  Water  Products  and  a  for¬ 
mer  business  relationship  manager.  “They  ensure  that  everyone’s 
firing  on  all  cylinders  and  that  the  right  technologies  are  being 
brought  to  bear,"  he  says.  The  position  is  on  a  par  with  a  divisional 
director's  job  and  should  report  to  the  CIO  or  the  office  of  the  CIO. 
Demand  for  internal  IT  projects  and  the  need  to  ensure  such  work  is 
done  right  has  made  this  a  hot  hire,  say  hiring  specialists. 

Slllliilimi!li!iilimiIimmSlilliilll!i!Sm!lliiil!iiS[!!!imiiiSliI!!!l!!i!iii! 


why  you  need  one:  In 

most  companies,  there’s 
still  a  divide  between  the 
business  and  IT.  A  busi¬ 
ness  relationship  man¬ 
ager  bridges  that  gulf 
and  aligns  the  demands 
of  those  two  very  differ¬ 
ent  groups  to  facilitate, 
for  example,  the  smooth 
adoption  of  new  technol¬ 
ogies  by  business  users. 
The  manager  also  keeps 
everyone  reading  from 
the  same  script  when  it 
comes  to  the  company’s 
core  information. 


m 


ra 


$120,000  to 
$200,000 


“They’re  really  looking  at 
methodology  and  mak¬ 
ing  sure  standards  are 
adhered  to,”  Keefe  says. 

desired  skills:  A 

technology-related 
BS  or  MS,  possibly  an 
MBA.  The  bottom  line: 
a  combination  of  strong 
technology  skills  and 
business  acumen.  In 
terms  of  IT  background, 
it  really  depends  on  the 
specific  technologies  an 
organization  is  using, 
says  Jim  Lanzalotto, 
vice  president  of  strat¬ 
egy  and  marketing  at 
outsourcing  firm  Yoh. 

For  instance,  a  com¬ 
pany  that  uses  a  lot  of 
SAP  software  will  likely 
choose  former  SAP  staff 
as  its  business  relation¬ 
ship  managers.  Not  only 
are  they  experts  in  SAP, 
they  also  have  experi¬ 
ence  dealing  with  the 


applications  vendor  and 
its  partners. 

how  to  find  them: 

Network  with  com¬ 
munities  around  the 
technologies  your 
company  uses,  such  as 
professional  organiza¬ 
tions,  consultancies, 
vendors,  their  partners 
and  user  groups.  People 
who’ve  sat  on  internal 
task  forces  and  commit¬ 
tees  may  have  the  right 
stuff  since  they’re  used 
to  working  in  teams  that 
cut  across  divisions. 
Don’t  be  discouraged 
if  you  find  it  hard  to 
locate  candidates.  The 
business  relationship 
manager  is  what  talent 
agencies  tag  a  “purple 
squirrel,"  a  dream  can¬ 
didate  with  a  perfect 
balance  of  skills,  who 
can  prove  hard  to  track 
down. 


what  to  look  for: 

A  business  relation¬ 
ship  manager  must  be 
people-oriented  and 
understand  how  to  lead. 

A  candidate  also  has  to 
have  a  good  handle  on 
the  day-to-day  business 
and  the  IT  tasks  that 
need  to  be  executed. 

elimination  round: 

Try  asking,  “If  we  hired 
you,  how  would  you 
tackle  this  problem?"  A 
candidate  should  offer 
multiple  ways  of  attack¬ 
ing  a  problem  and  dem¬ 
onstrate  that  she  can 
take  both  ownership  of 
and  responsibility  for  it. 

IMumummi 

growing  your 
own: 


While  teaching 
leadership  and  people 
skills  can  be  hard,  it’s 
possible  to  develop 
business  relationship 
managers  internally. 
Look  for  people  with  an 
existing  interest  in  tech¬ 
nology  who  either  have 
undergraduate  busi¬ 
ness  degrees  or  have 
acquired  solid  business 
knowledge  from  work¬ 
ing  in  financial  roles. 
Bringing  them  in  on  a 
project  basis,  or  swap¬ 
ping  them  between 
projects,  can  work  well 
as  a  way  to  see  if  they 
can  quickly  come  to 
grips  with  particular 
issues  and  rapidly  build 
relationships. 


20  NOVEMBER  1,  2007  |  www.cio.com 


Our  new  innovation  is  so  advanced, 
it’s  virtual. 


The  most  valuable  assets  of  your  business  will  now  be  more  secure, 
thanks  to  the  next-generation  Virtual  PC  Center  from  NEC,  a  global 
IT  and  networking  leader.  Our  new  virtual  PC  thin  client  system  is 
designed  to  enhance  PC  data  security,  reduce  total  cost  of  ownership, 
increase  user  flexibility  and  simplify  IT  management  -  all  while  delivering 
multimedia  support.  NEC.  Empowering  you  through  innovation. 


www.necus.com/vpcc 


IT  SERVICES  AND  SOFTWARE  ENTERPRISE  NETWORKING  AND  COMPUTING  SEMICONDUCTORS 


IMAGING  AND  DISPLAYS 


©NEC  Corporation  2007.  NEC  and  the  NEC  logo  are  registered  trademarks  of  NEC  Corporation. 
Empowered  by  Innovation  is  a  trademark  of  NEC  Corporation. 


Empowered  by  Innovation 


Technology  Consulting  from  Accenture. 

Our  work  with  businesses  and  governments 
around  the  world  reveals  a  clear  pattern:  high 
performers  set  themselves  apart  by  positioning 
information  technology  as  a  strategic  asset 
and  a  partner  to  the  enterprise.  Findings  from 
our  comprehensive  ongoing  research  confirm 
that  pattern. 

Accenture  Technology  Consulting  helps  bridge 
the  gap  between  an  organization's  existing  IT 
capabilities  and  its  vision  for  high  performance. 
We  draw  upon  extensive  resources  and  experience 
to  enable  our  clients  to  achieve  their  goals: 

•  Aligning  IT  strategy  with  business  value 

•  Building  an  enterprise  architecture  "blueprint" 

•  Improving  service  levels  between  IT  and 
the  business 

•  Standardization,  consolidation  and 
virtualization  of  IT  infrastructure 

•  Consolidation  and  transformation  of  networks 

•  Maximizing  workplace  technologies  and 
collaboration  tools 

•  Improving  security  across  IT  infrastructure 
and  applications 

•  Renewing  legacy  applications  to  achieve 
greater  flexibility  and  performance 

•  Improving  IT  processes 

•  Engineering  performance  into  system  and 
application  development  life  cycles 


To  learn  more  about  Accenture  Technology 
Consulting,  visit  accenture.com/technology 


In  IT,  the  wrong  metrics  could  be 


worse  than  no  metrics  at  all. 


Not  sure  how  your  IT  investments  measure  up?  You're  not 
alone.  Despite  studies  that  show  a  critical  connection 
between  the  right  success  metrics  and  higher-performing 
businesses,  most  CIOs  still  wrestle  with  measurement 
processes  that  are  unreliable  at  best,  and  misleading  at 
worst.  To  see  how  Accenture  Technology  Consulting  can 
help  you  measure  and  enhance  the  value  of  IT,  visit 
aeeenture.com/teehnology 

•  Consulting  •  Technology  •  Outsourcing 


> 

accenture 

High  performance.  Delivered 


■  -  - 


We’re  looking  for  the 
next  generation  of 
a 


Nominees  should 
currently  be  top  IT 
lieutenants— but  not 
yet  full-fledged  CIOs. 

Visit  www.cio.com/cio-awards/ones-to-watch/ 

today  to  apply. 


Presented  by  CIO  magazine  and  the  CIO  Executive  Council 


Candidates  will  be  nomi¬ 
nated  by  their  CIO  based  upon 
the  characteristics  identified  in 
the  application  at  www.cio 
.com/cio-awards/ones-to- 
watch/.  Candidates  may  also 
nominate  themselves  or  be 
nominated  by  another,  but  all 
nominations  must  be  endorsed 
by  a  CIO. 

A  panel  of  leading  CIOs 
will  judge  the  nominees  and 
choose  the  winners,  who 
will  be  featured  in  a  special 
May  2008  issue  of  CIO. 

inners  will  also  be 
honored  at  the  fourth  annual 
CIO  Leadership  Conference 

to  take  place  May  18-20, 2008, 
at  the  Sheraton  Boston  Hotel. 


callforentrie 


CIO  Executive  Council 

The  Professional  Organization  for  CIOs 


Business 

Technology 

Leadership 


We  will  accept 
nominations  from  Sept.l 
through  Nov.  16.  For  more  about 
this  prestigious  award,  go  to 

www.cio.com/cio-awards/. 


CHAD  SHAFFER 


Advertising  Supplement 


Microsoft 


CIO 


Custom  Solutions  Group 


The  Microsoft”'  Enterprise  CAL 
Suite  helps  improve  corporate 
compliance  by  gathering 
technologies  that  aid  content 
management,  security  control  and 
auditing  requirements  in  a  single 
cost-effective  software  offering. 


Three  Pillars 


to  Help  Reduce  the  Cost  and  Complexity 
of  Improving  Compliance 


rom  Sarbanes-Oxley  to  Payment  Card  Industry 
(PCI)  standards,  international  rules  and  state  privacy 
acts  such  as  the  California  Information  Practices  Act 
(SB  1386),  organizations  today  have  regulations  com¬ 
ing  at  them  literally  from  around  the  globe.  At  the  same 
time,  they  must  also  comply  with  their  own  policies 
and  procedures,  covering  everything  from  hiring  new 
employees  and  controlling  IT  resources  to  maintaining 
data  security  and  product  quality  standards.  Mitigating 
the  risk  from  litigation  is  another  concern.  In  response 
to  legal  requests,  organizations  may  at  any  time  be 
asked  to  produce  all  sorts  of  legacy  e-mail  and  data 
files,  with  surrounding  metadata  detailing  all  changes. 

Yet  complying  with  all  these  requirements  can  not 
only  help  companies  reduce  the  risk  of  legal  woes  but 
actually  improve  their  business  posture  by  better  defin¬ 
ing  internal  processes  around  disciplines,  including  IT 
management  and  security. 


Complexity  Conundrum 

Organizations  struggle  with  compliance  issues  for 
a  number  of  reasons:  the  sheer  number  of  regulations 
with  which  they  must  comply;  required  IT  controls  that 
are  not  always  clearly  spelled  out;  and  the  fact  that 
responsibility  for  compliance  typically  extends  to  many 


corners  of  an  organization,  not  just  IT. 

The  result:  complex  and  time-consum¬ 
ing  efforts  at  achieving  and  maintaining 
compliance. 

Three  technology  capability  areas 
can  help  address  improving  compliance 
capabilities  within  organizations:  content 
management,  control  of  data  security 
and  access,  and  auditing  and  monitoring. 

Content  management  automation  can 
help  ensure  that  employees  consistently 
comply  with  policies  and  procedures 
with  respect  to  e-mail  and  various  forms 
of  documents,  from  creation  to  expira¬ 
tion.  Too  often,  non-compliance  is  linked 
to  the  lack  of  a  comprehensive  content 
management  system  that  can  enforce 
policies  dictating  which  documents 
are  considered  sensitive  and  how  they 
should  be  handled.  Many  organizations 
lack  business  rules  regarding  record 
retention  policies  and  wind  up  keeping 
records  longer  than  they  need  to,  driving 
up  storage  costs  and  opening  the  door 
for  use  of  outdated  information. 


Advertising  Supplement 


Products  included  under  the 
Microsoft9  Enterprise  CAL  Suite 

Windows  Server  2008  CAL 


While  often  used  to  keep  financial  report¬ 
ing  records,  spreadsheets  aren’t  always  treat¬ 
ed  with  the  proper  level  of  importance.  That 
leaves  financial  data  open  to  errors  and  secu¬ 
rity  breaches  that  can  threaten  compliance. 
Similarly,  only  35  percent  of  employers  have 
an  e-mail  retention  policy,  according  to  the 

2006  Workplace  E-Mail,  Instant  Messaging  & 
Blog  Survey  by  the  American  Management 
Association  and  the  ePolicy  Institute.1 

Controlling  data  security  amounts  to  pro¬ 
tecting  sensitive  records  with  security  tools 
while  preserving  data  confidentiality,  integ¬ 
rity  and  availability.  It  also  means  providing 
effective  management  of  the  various  secu¬ 
rity  tools  at  work  in  the  organization.  It’s  not 
uncommon  for  an  organization  to  accumulate 
numerous  such  tools  over  time,  often  from 
different  vendors,  making  it  a  complex  chore 
to  provide  responsive  security  management. 

Organizations  should  be  able  to  track 
changes  made  to  a  document  over  the  course 
of  its  life  cycle.  Many  regulations  also  require 
organizations  be  able  to  show  they  have  con¬ 
trol  processes  in  place  that  address  the  audit 
and  monitoring  function,  which  can  be  diffi¬ 
cult  if  these  functions  are  all  manual. 

Integrating  Compliance  Capabilities 
within  the  Technology  Platform 

The  Microsoft  platform  of  technologies 
integrates  the  three  compliance  capabilities 
directly  into  its  software  offerings. 

To  manage  content,  Microsoft  software 
now  has  more  features  to  help  organizations 
control  workflow  and  ensure  compliance. 

With  tools  such  as  Microsoft®  Office  Profes¬ 
sional  Plus  2007,  Office  SharePoint®  Server 

2007  and  Exchange  Server  2007,  compliance 
becomes  a  natural  extension  of  employees’ 
work  environment. 

A  new  feature  called  Content  Types,  for 
example,  allows  SharePoint  Server  2007  users 
to  built  templates  with  predefined  workflow, 
metadata,  expiration,  access  privileges  and 
other  policies  that  automatically  extend  to 
users’  Word®  and  Excel®  files.  Excel  Services, 
another  new  SharePoint  capability,  allows 
organizations  to  store  a  central  version  of  a 
spreadsheet  that  authorized  users  can  easily 
access  and  modify,  thus  enabling  IT  to  ensure 
that  any  sensitive  information  in  the  spread¬ 
sheet  is  properly  secured.  For  e-mail,  man¬ 
aged  folders  in  Exchange  2007  enables  IT  to 
automatically  manage  user  e-mail,  scanning 
folders  to  retain,  expire  or  journal  communi¬ 
cations  according  to  company  requirements 

Security  is  also  integrated  throughout 
Microsoft  software  solutions  to  address  the 
control  issue.  The  Microsoft  Forefront™  family 
of  business  security  products  easily  integrates 
with  one  another,  with  your  organization’s 
existing  IT  infrastructure,  and  with  third-party 
solutions.  Forefront  enables  end-to-end, 
defense-in-depth  security  with  simplified 
management  and  reporting  from  a  unified 
console. 

Additionally,  Microsoft  Windows®  Rights 
Management  Services  (RMS),  included  with 
the  Windows  Server®  2003  operating  system, 


Exchange  Server  2007  Standard  CAL 
Exchange  Server  2007  Enterprise  CAL 

Office  SharePoint  Server  2007 
Standard  CAL 

Office  SharePoint  Server  2007 
Enterprise  CAL 

Systems  Center  Configuration  Manager 
2007  Configuration  Management 
License  (CML) 

Microsoft  Office  Communications 
Server  2007  Standard  CAL 

Microsoft  Office  Communications 
Server  2007  Enterprise  CAL 

Microsoft  Windows'  Rights 
Management  Services 

System  Center  Operations  Manager 
2007  Client  Operations  Management 
License  (OML) 

Forefront  Security  Suite 

•  Forefront  Client  Security 

•  Forefront  Security  for  Exchange 
Server 

•  Forefront  Security  for  Office 
SharePoint  Server 


Exchange  Hosted  Filtering 


allows  organizations 
and  individuals  to 
set  policies  that  con¬ 
trol  who  can  open, 
copy,  print  and  for¬ 
ward  documents 
and  spreadsheets. 

RMS  also  synchro¬ 
nizes  with  SharePoint 
2007  and  can  pro¬ 
tect  documents  even 
after  they  are  sent 
via  e-mail  or  stored 
on  a  desktop.  Simi¬ 
larly,  Exchange  2007 
includes  numerous 
features  to  support 
corporate  e-mail 
policies,  including 
automatic  retention 
and  expiration  poli¬ 
cies,  encryption  and 
support  for  rights 
management  tech¬ 
nology.  Auditing  and 
monitoring  capabili¬ 
ties  successful  track 
the  contexts  of  docu¬ 
ment  usage  and  com¬ 
munication  history. 

For  instance,  orga¬ 
nization  can  log  and 

audit  real-time  communications  through  instant  message 
tracking  in  Office  Communications  Server  2007.  Share- 
Point  Server  2007  now  enables  mandatory  check-in  and 
check-out  of  content  and  more  granular  versioning  capa¬ 
bilities,  which  are  essential  for  document  management  and 
auditing.  Managers  can  now  use  audit  log  records  to  see 
who  viewed,  modified,  edited  or  deleted  a  file  -  exactly  the 
kind  of  information  likely  to  be  requested  in  a  legal  dis¬ 
covery  case. 

Cost-effectively  Obtaining  Compliance  Capabilities 

Given  that  compliance  touches  so  many  aspects  of  an 
organization’s  IT  infrastructure,  it  must  be  considered  in  an 
enterprisewide  context.  With  its  Enterprise  CAL  Suite,  Micro¬ 
soft  has  an  effective  way  to  allow  organizations  to  obtain 
enterprisewide  technology  capabilities  in  a  highly  cost-effec¬ 
tive  manner.  A  single  Enterprise  CAL  Suite  license  provides 
each  user  in  an  organization  access  to  11  Microsoft  server 
licenses  (see  chart),  encompassing  many  of  the  technologies 
needed  to  improve  corporate  compliance  capabilities. 

The  Enterprise  CAL  Suite  also  gives  customers  a  better 
than  54  percent  discount  vs.  the  cost  of  buying  the  prod¬ 
ucts  separately,  making  it  the  most  cost-effective  mecha¬ 
nism  to  obtain  the  broad  software  offerings  within  the 
Microsoft  technology  platform.  The  Enterprise  CAL  Suite 
also  provides  the  technologies  addressing  communica¬ 
tions,  collaboration  and  security  that  can  be  directly  ben¬ 
eficial  throughout  the  enterprise. 

Compliance  can  be  complex  and  costly  if  the  technolo¬ 
gies  enabling  compliance  are  not  integrated  within  core 
enterprise  IT  capabilities.  The  Microsoft  ECAL  Suite  pro¬ 
vides  compliance  capabilities  that  are  directly  integrated 
within  a  broader  set  of  communication,  collaboration  and 
security  technologies  found  in  the  Microsoft  platform.  • 


For  more  information  about  the  Microsoft  Enterprise 
CAL  Suite,  log  onto  the  Microsoft  Solutions  Center  at 
http://www.cio.com/solutions-center/microsoft_ecal 


7.  www.amanet.org/press/amanews/2006/blogs_2006.htm 


ESSENTIAL 


FROM  INCEPTION  TO  IMPLEMENTATION  — I. T.  THAT  MATTERS 


Edited  by 

Laurianne  McLaughlin 

lmclaughlin@cio.com 


Stop  making 
excuses.  With 
today’s  mature 
tools  and  a  smart 
strategy,  CIOs 
can  affordably 
(and  wisely)  use 
encryption  to 
protect  mobile 
devices. 


No  More  Lost 
Laptop  Drama 

BY  GALEN  GRUMAN 

MOBILE  SECURITY  |  Even  before  her  state  of  California  put  a  stake  in  the  ground 
regarding  public  disclosure  of  data  breaches,  Christy  Quinlan  could  see  the  wisdom  in 
encrypting  client  data  on  mobile  devices.  Shortly  after  Quinlan  became  CIO  of  California’s 
Department  of  Health  Care  Services  in  2005,  one  of  the  agency’s  partners  lost  a  computer. 
The  contractor  had  to  notify  everyone  who  might  have  been  affected,  at  a  cost  of  several 
hundred  thousand  dollars:  And  while  Quinlan’s  staff  had  not  lost  the  laptop,  they  still 
spent  much  of  the  week  before  a  holiday  coordinating  with  the  contractor  to  determine 
the  possible  scope  of  the  security  breach  and  then  ensuring  swift  and  proper  notification. 
“Once  information  is  on  the  loose,  you  can  never  get  it  back,”  Quinlan  says. 

California  eventually  created  a  state  law  that  required  the  public  disclosure  of  data 
breaches  (quickly  followed  by  most  other  states).  But  ironically,  at  the  time  of  Quinlan’s 
contractor  incident,  the  state  was  still  trying  to  figure  out  the  right  internal  policies  to 
protect  data  across  its  many  agencies. 

After  her  experience,  Quinlan  decided  she  could  not  wait  for  that  final  internal  policy,  so 
she  directed  her  staff  to  encrypt  all  data  on  the  field  force’s  2,000  laptops  within  30  days, 


ILLUSTRATION  BY  ANASTASIA  VASILAKIS 


www.cio.com  |  NOVEMBER  1,  2007  25 


EssENTiALtechnology 


which  they  did  using  GuardianEdge’s 
software.  California’s  law  exempts 
encrypted  data  from  requiring  public 
disclosure,  since  the  data  would  be  inac¬ 
cessible  to  thieves.  Quinlan  gambled  that 
the  statewide  policy  direction  under  dis¬ 
cussion  would  ultimately  be  approved, 
and  that  even  if  she  had  to  throw  out  her 
agency’s  specific  system,  the  cost  was  jus¬ 
tified  because  she  was  reducing  so  much 
risk  by  adding  encryption. 

As  it  turns  out,  the  encryption  effort 
proved  less  difficult  than  she’d  feared, 
thanks  to  systems  and  infrastructure 
already  in  place.  The  agency  had  recently 
updated  its  laptops  to  support  Windows 
XP,  providing  sufficient  computing  and 
storage  capabilities  as  well  as  an  operat¬ 
ing  system  to  support  enterprise-class 
encryption  software.  And  the  agency  had 
a  client  management  system  in  place  to 
update  users’  laptops  with  new  software 
and  enforce  encryption  and  other  security 
policies  automatically. 

Make  sure  that  adding  encryption 
doesn’t  add  passwords  for  users. 

-John  Pironti,  chief  risk  strategist,  Getronic 

CIOs  should  take  Quinlan’s  experi¬ 
ence  to  heart,  says  Paul  Kocher,  presi¬ 
dent  and  chief  scientist  of  consulting 
firm  Cryptography  Research.  “Anyone 
not  doing  it  has  no  excuses  anymore,” 

Kocher  says:  Encryption  technology  is 
now  widely  available  and  proven. 

Management  Hurdles 

CIOs  implementing  encryption  on 
laptops  (and  desktops,  for  that  matter) 
should  focus  mainly  on  key  management 
and  user  management  strategies,  advises 
Kocher.  The  encryption  technology  itself 
is  mature:  One  factor  that  varies  from 
vendor  to  vendor  and  enterprise  to  enter¬ 
prise  is  management  techniques.  Main 
issues  include  deciding  what  should  be 
encrypted,  how  to  recover  the  passwords 
that  unlock  encrypted  data  when  users 
lose  them  or  leave  the  company,  and  how 


26  NOVEMBER  1,  2007  |  www.cio.com 


to  make  passwords  available  to  backup 
and  client  management  software  that 
run  unattended. 

Both  California’s  Quinlan  and  Simon 
Szykman,  CIO  of  the  National  Insti¬ 
tute  of  Standards  and  Technology,  use 
whole-disk  encryption,  which  protects 
all  files  on  the  laptop,  even  applications. 
This  type  of  software  used  to  slow  down 
performance  noticeably,  causing  some 
enterprises  to  move  to  file-based  encryp¬ 
tion  instead.  File  encryption  puts  more 
responsibility  on  users  to  save  their  files 
to  the  right  folders  to  ensure  encryption. 
And,  laptops  built  in  the  last  several 
years  can  handle  whole-disk  encryp¬ 
tion  without  hindering  performance. 
“So  why  not  protect  everything?”  says 
Szykman. 

Many  enterprise-class  encryption  tools 
come  with  management  tools  that  issue 
and  reset  passwords  (often  via  Web-based 
self  service  to  reduce  help  desk  involve¬ 
ment).  These  tools  also  update  encryption 


policies  to  laptops  as  they  connect  to  the 
network.  Many  CIOs  would  prefer  hav¬ 
ing  their  existing  PC  client  management 
software  handle  encryption  management, 
but  IT  organizations  are  already  used  to 
having  multiple  consoles  for  antivirus 
and  backup.  So  if  you  can’t  get  a  tool  that 
integrates  into  your  client  management 
system— and  few  do— then  the  hassle  of 
adding  one  more  console  is  still  better 
than  doing  nothing. 

Ken  Juneau,  assistant  VP  and  direc¬ 
tor  of  enterprise  architecture  services  at 
American  National  Insurance,  found 


Get  Hold  of  Handhelds 


Need  help  wrangling  your  company’s 
handheld  PCs?  See  MANAGING 
MOBILE  DEVICES,  www.cio.com/ 
article/28177. 

cio.com 


46°/  of 

businesses 
don’t  put 
encryption 
on  portable 
devices,  even 
after  a  data 
breach. 

SOURCE:  Ponemon  Institute 


that  having  a  separate  management 
console  was  not  that  burdensome  for 
his  PGP  encryption  software. 

California’s  Quinlan  chose  greater 
integration.  For  example,  she  uses  the 
Microsoft  SMS  client  management  tool 
to  ensure  that  the  current  version  of  the 
encryption  client  is  installed  on  every 
laptop,  and  applies  encryption  policies 
through  the  same  Active  Directory  pol¬ 
icy  server  that’s  used  for  everything  else. 
She  also  integrated  password  manage¬ 
ment  with  her  agency’s  single-sign-on 
service,  so  users  have  only  one  pass¬ 
word  to  remember— and  the  help  desk 
has  only  one  to  reset.  But  accomplishing 
this  integration  required  more  up-front 
development  resources,  she  notes. 

None  of  these  IT  leaders  has  provided 
his  or  her  backup  or  client  management 
systems  access  to  the  encryption  pass¬ 
words,  which  would  let  them  act  on 
the  users’  laptops  in  unattended  mode. 
Instead,  users  need  to  be  attached  to  the 
network  and  logged  in  (which  makes 
their  data  accessible)  before  backup  and 
management  tools  operate. 

Above  all,  make  sure  that  adding 
encryption  does  not  add  passwords  for 
users  to  remember,  says  John  Pironti, 
chief  information  risk  strategist  for  IT 
services  consultancy  Getronic .  You  don’t 
want  users  writing  them  down  and  tap¬ 
ing  them  to  their  laptops.  As  he  notes,  “If 
someone  gets  the  password,  the  encryp- 


Xerox  Global  Services  helps  companies  reach  their 
customers  with  personalized  targeted  messages  that  improve 
response  rates  and  boost  customer  loyalty. 

There’s  a  new  way  to  look  at  it. 


To  build  business  you  need  to  reach  customers  on  a 
one-to-one  basis.  Xerox  Global  Services  offers  professional 
and  document  outsourcing  services  to  help  you  customize 
your  customer  communications.  Our  Document  Advisors 
will  show  you  how  to  create  high-impact,  personalized 
messages  from  conception  through  production.  Because 


xerox.com/one-to-one 

1-800-ASK-XEROX 


we  have  years  of  experience  creating  digital  documents, 
our  methods  are  proven  to  drive  greater  customer 
response,  help  build  your  brand  and  be  more  cost 
effective.  Results?  Higher  customer  loyalty  and  business 
performance  you  can  measure.  To  see  how  we  can  improve 
your  business  one  customer  at  a  time,  visit  our  website. 

XEROX. 

Technology  |  Document  Management  |  Consulting  Services  | 


©  2007  XEROX  CORPORATION  All  rights  reserved  XEROX*  and  There's  a  new  way  to  look  at  it*  are  trademarks  of  XEROX  CORPORATION  in  the  United  States  and/or  other  countries. 


I  am  fearless. 

I  drive  security  strategy  for  a 
global  500  company. 

I  provide  secure  access  to  business 
resources  anytime,  anywhere. 

I  believe  security  should  connect 
people,  not  isolate  them. 

I  am  fearless.” 


Secure  anytime,  anywhere  access.  When  it  comes  to  security,  most  businesses  understand  what  it  means 
to  fail.  But  few  can  imagine  what  it  would  mean  to  succeed.  RSA’s  information-centric  security  solutions 
can  move  your  business  forward.  That’s  why  we’re  the  chosen  security  partner  of  more  than  90  percent  of 
the  Fortune  500.  Don’t  just  secure  your  business.  Accelerate  it.  Learn  more  at  www.rsa.com/go/glide  The  Security  Division  of  EMC 


Secure  Anytime 
Anywhere  Access 

-A— 


Protect 

Customer  Identities 


Secure 

Enterprise  Data 


Manage  Compliance 
and  Security  Information 


©2007  RSA  Security  Inc.  All  rights  reserved.  RSA  and  the  RSA  logo  are  either  registered  trademarks  or  trademarks  of  RSA  Security  Inc.  in  the  United  States  and/or  other  countries. 

All  other  products  and  services  mentioned  are  trademarks  of  their  respective  companies. 


essential  technology 


Fear  less.  Do  more 


tion  is  meaningless.”  That’s  another  rea¬ 
son  why  California’s  Quinlan  ensured 
that  the  encryption  software  worked 
with  the  agency’s  existing  single-sign- 
on  technology.  NIST’s  Szykman  uses 
the  same  approach. 

The  PDA  Time  Bomb 

What’s  even  more  likely  to  get  lost  than 
a  laptop?  The  increasing  storage  power 
of  handheld  PCs  makes  them  a  ticking 
time  bomb,  warns  Getronic’s  Pironti. 
They  tend  to  be  used  by  executives  who 
work  with  the  enterprise’s  most  critical 
and  valuable  data,  and  “these  guys  lose 
these  things  all  the  time,”  he  says.  The 
problem  for  CIOs:  Encryption  software 
available  for  handhelds  is  not  as  effec¬ 
tive  as  it  needs  to  be,  says  Cryptography 
Research’s  Kocher,  due  to  their  relatively 
limited  computing  capabilities. 

The  only  consolation,  Kocher  says,  is 
that  handhelds  don’t  store  much  data. 
That  will  be  a  bigger  problem  in  the 
future.  Meanwhile,  IT  should  enforce 
password  access  to  the  devices. 

Although  vendors  promote  remote- 
kill  capabilities  to  wipe  a  stolen  or  lost 
handheld’s  data,  this  leaves  a  huge  gap; 
Pironti  notes  that  the  devices  are  vul¬ 
nerable  before  reported  lost  or  stolen. 

Citing  the  unsatisfactory  security 
situation,  NIST  is  considering  stan¬ 
dardization  on  Research  in  Motion’s 
BlackBerry  devices,  which  have  built- 
in  data  encryption  capabilities,  says 
Szykman.  He’d  prefer  to  be  able  to 
allow  the  device  diversity  that  his  users 
would  like  to  have,  and  will  continue  to 
explore  encryption  solutions  available 
for  other  vendors’  offerings,  he  says, 
but  one  option  that  may  emerge  is  not 
supporting  other  PDA  platforms. 

Facilities  service  provider  Aramark 
has  standardized  on  the  BlackBerry 
due  to  security  concerns,  says  CIO  of 
Aramark’s  global  food  and  facility  ser¬ 
vices  businesses  David  Kaufman.  A  big 
BlackBerry  advantage:  “It  has  a  consis¬ 
tent  security  model  across  all  devices 
and  networks,”  he  says,  so  the  tools  are 


quite  reliable.  That  wasn’t  the  case  for 
other  handhelds  he  tested. 

Insurance  Will  Cost 

Ultimately  when  you  encrypt  data, 
you’re  buying  an  insurance  policy, 
which  has  several  costs.  The  obvious 
cost  is  the  up-front  deployment  spend¬ 
ing,  including  software  licenses,  instal¬ 
lation,  integration  and  often  upgraded 
hardware.  For  example,  NIST’s  Szyk¬ 
man  had  to  replace  a  few  laptops 
because  their  hard  drives  were  too  small 
and  their  CPUs  too  slow  to  handle  the 
added  demands  of  encryption.  Then 
there’s  the  several  hours  necessary  to 
encrypt  each  drive  the  first  time,  which 
can  disrupt  user  productivity. 

Increased  requests  of  your  help  desk 
will  be  an  ongoing  cost,  says  Getronic’s 
Pironti.  Users  will  request  more  pass¬ 
word  resets,  and  IT  will  need  to  work 
harder  to  access  encrypted  data  if  the 
data  or  password  gets  corrupted.  Ara¬ 
mark’s  Kaufman  agrees:  “There’s  more 
of  a  burden  for  my  staff.” 

CIOs  can  work  to  manage  the  costs 
of  encryption  deployments.  At  Ara¬ 
mark,  Kaufman  encrypted  all  laptops 
belonging  to  what  he  considered  the 
highest-risk  departments—HR,  pay¬ 
roll  and  health-care  services— but  he’s 
encrypting  other  users’  laptops  only 
when  they  are  replaced  or  require  other 
IT  services. 

“We  want  to  have  maximum  security 
and  minimum  disruption,”  he  says, 
so  a  risk-based  trade-off  is  typically 
required. 

For  these  CIOs,  encrypting  sensitive 
data  that  can  go  missing  in  the  field  just 
constitutes  good  policy.  Encryption 
becomes  another  cost  of  doing  busi¬ 
ness,  says  Kaufman:  “Given  the  value 
of  our  data  and  the  effect  [of  a  breach] 
on  our  reputation,  how  could  we  not 
doit?”  BE] 


Galen  Gruman  can  be  reached  at  ggruman 
@zangogroup.com.  To  comment  on  this 
article,  go  to  www.cio.com/author/41292. 


www.cio.com  |  NOVEMBER  1,  2007  29 


Secure  Anytime 
Anywhere  Access 

Today,  employees,  customers 
and  partners  need  to  connect  to 
your  business  anytime  and  from 
anywhere.  At  the  same  time  you 
need  to  be  certain  that  only  trusted 
parties  gain  access  to  your  critical 
business  resources.  With  RSA’s 
security  solutions  your  users 
enjoy  the  right  access  to  the 
right  resources  at  the  right  time, 
driving  efficiency  and  enabling 
collaboration. 

RSA  can  help  your  organization: 

•  Enable  remote  employees  to  be 
productive  anytime,  anywhere 

•  Extend  secure  online  customer 
self-service  channels  to  spark 
new  business  growth 

•  Foster  collaboration  with 
partners  and  suppliers  reducing 
costs,  broadening  distribution 
channels  and  increasing  sales 


Learn  to  fear  (ess  and  do  more. 
Download  the 
Aberdeen  Group  report 
“Aligning  IT  to  the  Business,” 
and  other  information  at 
www.rsa.com/go/glide 


The  Security  Division  of  EMC 


©2007  RSA  Security  Inc.  All  rights  reserved.  RSA  and  the 
RSA  logo  are  either  registered  trademarks  or  trademarks 
of  RSA  Security  Inc.  in  the  United  States  and/or  other 
countries.  All  other  products  and  services  mentioned 
are  trademarks  of  their  respective  companies. 


Martha  Heller  career  strategist 


The  Longest  Interview 

Four  CIOs  on  how  to  turn  an  interim  job  into  a  permanent  one 


ost  of  us  thrive  in  relatively  defined  structures 

where  we  understand  the  parameters  within  which  we  can 
act,  succeed  or  fail.  As  such,  we  are  typically  uncomfortable 
in  liminal  states— when  we  are  neither  here  nor  there,  nei¬ 
ther  in  nor  out,  neither  fish  nor  fowl.  Acting  CIOs  or  those  in  interim  roles  must 
exist  in  this  gray  area,  often  for  protracted  periods  of  time  while  performing 


Herculean  feats  of  turnaround,  firefighting  and 
influence. 

Whether  you’re  a  number  two  with  a  shot  at  the 
top  or  a  consultant  brought  in  on  an  ad  hoc  basis, 
the  odds  of  getting  the  full-time  job  are  typically 
not  great  for  interim  CIOs.  It’s  relatively  easy  for  an 
external  candidate  to  convince  a  hiring  committee 
that  he  will  do  great  things  in  the  future.  An  internal 
candidate  has  to  do  great  things  in  the  here  and  now. 
And  while  an  external  candidate  can  paint  a  beauti¬ 
ful  picture  of  future  alignment  and  prosperity,  an 
internal  candidate  has  no  choice  but  to  expose  the 
ugly  truth  about  an  IT  organization. 

So  how  do  you  shift  from  acting  to  in  charge?  To 
find  out,  I  checked  in  with  several  CIOs  who  suc¬ 
cessfully  made  this  transition.  Follow  their  tips  and 
you  may  find  yourself  happily  erasing  the  “interim” 


from  your  office  door. 

Don’t  be  a  babysitter.  In  July  2006,  ICG  Com¬ 
merce,  a  procurement  outsourcing  provider,  hired 
Rick  Bunker  for  a  weeklong  consulting  engagement 
on  IT  management  strategy. 

“I  gave  my  report  and  figured  I  was  done,”  he 
says.  About  a  month  later,  a  new  CEO  joined  the 
company  and  asked  Bunker  to  present  his  find¬ 
ings  once  again.  The  CEO  liked  what  he  heard  and 
asked  Bunker  to  consult  as  an  interim  CIO  for  three 
months.  “Two  months  into  my  consulting  engage¬ 
ment,  when  it  was  time  to  finish  up  or  begin  a  new 
statement  of  work,  they  asked  me  to  take  the  per¬ 
manent  role,”  he  says. 

Interim  CIOs  are  often  asked  to  babysit  an  orga¬ 
nization  and  leave  the  major  strategic  moves  to  the 
permanent  CIO.  Bunker  warns  against  allowing 


30  NOVEMBER  1,  2007  |  www.cio.com 


Will... 


Gain  your  IT  Outsourcing  trust 


Give  you  tier-one  service  quality  at  a  tier-two  price 


Deliver  what  we  promise,  on  time,  on  budget 


Reduce  costs  and  increase  quality  with  our 
Integrated  Infrastructure  Management™  solution 


Make  your  IT  processes  and 
business  strategy  work  together 


We  have  been  accelerating  the  return  on 
our  clients'  IT  investments  for  two  decades, 
and  we  have  the  clients,  awards,  recognition, 
track  record  and  growth  to  prove  it. 


Learn  more  at  compucom.com. 


CompuCom 

•  Software  Services  •  Hardware  Services 


IT  Outsourcing  Services 


Application  Services 


1  Martha  Heller  1  career  strategist 


your  role  to  be  defined  this  passively. 

“If  your  CEO  tells  you  to  keep  things  calm 
before  the  new  person  starts,  you’re  in  a  ter¬ 
rible  position,”  says  Bunker.  “Your  peers  will 
see  you  as  ineffective— and  they  are  the  real  decision  makers  as 
to  whether  or  not  you’ll  get  the  job.”  When  Bunker  joined  ICG, 
the  company  was  shifting  from  a  product  to  a  services  strategy, 
and  the  IT  organization  was  misaligned  to  the  new  business 
model.  In  his  first  two  months  on  the  job,  Bunker  restructured 
the  organization,  adopted  an  agile  programming  methodology 
and  set  up  a  new  technical  training  program. 

So  how  do  you  react  when  a  CEO  tells  you  to  stay  in  the 
box?  “If  your  boss  tells  you  that  you  can’t  reorganize  or 
fire  people,  then  develop  strategies  for  transformation  and 
present  them  as  what  you  believe  should  be  done,”  he  says. 
“Develop  a  strategy  and  sell  it,  even  if  you  can’t  execute.” 

Put  a  premium  on  trust.  “When  you  work  as  an  interim 
CIO  in  a  consulting  capacity,  people  can  be  very  forthcom¬ 
ing  with  you  because  they  consider  you  outside  the  political 
fray,”  says  Bunker.  “When  you  make  the  switch  from  interim 
to  permanent,  it  can  be  a  real  shock  to  people  who  have  spo¬ 
ken  more  openly  with  you  than  they  would  have  if  you  were 
a  full-time  employee.” 

If  you  want  your  peers  to  support  your  permanent 
appointment,  you  need  to  make  it  clear  to  them  when  you’re 
the  acting  CIO  that  they  will  still  be  able  to  trust  you  should 
you  wind  up  in  the  permanent  role. 

Pay  attention  to  the  step  below  peer  level.  Consultant 
Jim  Ward  was  named  acting  CIO  of  logistics  company  Pacer 
International  in  December  2006.  He  was  asked  to  run  IT  as 

the  company  conducted 


Join  the  Conversation 


Respond  to  MARTHA  HELLER's 

latest  online  column  by  visiting 

www.cio.com/author/41283. 

cio.com 


an  external  CIO  search. 
Five  months  later,  the 
company’s  CEO  asked 
him  to  take  the  full¬ 
time  job. 

When  Ward  took 
the  interim  job,  he  was  not  planning  to  work  full  time,  but 
he  liked  the  company  and  the  challenges  it  faced,  so  he 
decided  to  accept.  His  advice:  While  it  is  true  that  the  opin¬ 
ions  of  your  C-level  peers  are  a  critical  factor  in  determining 
whether  you  are  right  for  the  position,  you  cannot  ignore 
the  next  level  down. 

“I  spent  much  less  time  with  senior  management  than  I  did 
with  the  business  getting  things  done,”  he  says  of  his  interim 
period.  “If  you’re  helping  managers  run  their  businesses, 
they  will  filter  that  message  all  the  way  up.  If  the  managers 
are  not  happy  with  you,  you  will  probably  not  get  the  job.” 

Be  prepared  to  work  for  a  new  CIO.  When  the  CIO  of 
Covance  left  the  drug  development  services  company  in  June 
2005,  John  Repko,  then  VP  of  global  applications  at  the  com- 


The  odds  of  getting  the  full-time  job  are 
typically  not  great  for  interim  CIOs. 


pany,  was  named  his  interim  successor  and  given  the  perma¬ 
nent  role  the  following  January.  Not  only  did  Repko  need  to 
survive  an  external  search,  he  was  asked  to  participate  in  the 
selection  of  the  permanent  CIO.  The  situation  was  unique 
and  challenging  for  Repko,  but  he  defined  an  approach  for 
himself  and  stuck  with  it. 

“I  came  up  with  a  way  to  evaluate  candidates  where  I  drew 
a  line  and  said  if  the  candidate  is  a  full  step  above  me,  I’ll  be 
big  enough  to  be  prepared  to  work  for  him  or  her,”  he  says. 
“But  if  I  didn’t  think  I  could  learn  something  from  this  per¬ 
son,  I  would  state  my  concern.” 

Be  sensitive  to  the  reaction  of  your  former  peers.  “You 
need  to  understand  that  not  everyone  will  be  happy  for  you,” 
says  Repko. 

Colleagues  who  feel  they  should  have  been  selected  for  the 
interim  assignment  may  not  be  your  top  supporters.  “You 
cannot  alienate  your  former  peers,”  he  says.  “Be  humble, 
ask  their  advice  often  and  show  them  that  you’re  in  learn¬ 
ing  mode.” 

Be  visible.  Soon  after  he  was  put  in  the  interim  position, 
Repko  built  a  30-60-90-day  plan  for  the  IT  organization  and 
hit  the  road. 

“I  felt  that  it  was  critically  important  that  the  top  leaders  at 
Covance  understood  that  I  was  in  charge  and  was  no  longer 
the  number-two  guy,”  he  says.  “I  did  that  by  going  on  a  world 
tour  to  meet  with  all  of  the  major  business  leaders  and  build¬ 
ing  a  solid  30-60-90  plan  and  reviewing  it  frequently  with 
my  CEO  and  my  peers.” 

Think  short  and  long  simultaneously.  In  November 
2006,  consultant  Rick  Gehringer  was  invited  to  negotiate 
an  outsourcing  agreement  for  the  Brookings  Institution.  By 
January,  the  relationship  turned  into  a  six-month  interim 
CIO  contract  while  the  organization  conducted  a  CIO  search. 
Two  months  into  the  search,  which  began  in  May  2007,  Geh¬ 
ringer  formally  interviewed  for  the  role  and  received  an  offer 
a  month  later. 

His  advice?  “Remember  that  you’re  doing  the  job  they 
hired  you  for  with  one  hand  and  interviewing  for  the  per¬ 
manent  job  with  the  other,”  he  says.  “You  need  to  deliver  a 
balance  of  short-term  successes,  like  resolving  chronic  infra¬ 
structure  problems,  with  long-term  strategic  vision.” 

In  other  words,  act  like  a  CIO  and  you  may 
just  win  the  job.  BE] 


Martha  Heller  is  managing  director  of  the  IT  Lead¬ 
ership  Practice  at  ZRG,  an  executive  recruiting  firm 
in  Boston.  Reach  her  at  mheller@zrgroup.com. 


32  NOVEMBER  1,  2007  |  www.cio.com 


THINKTHIN. 


Take  the  one-minute  Storage  Weigh-in: 
www.3PAR.com/thinkthin 

Find  out  exactly  how  fat  or  fit  your  storage  environment  is.  Join  the 
companies  that  are  getting  their  storage  environments  in  tip-top 
shape — flexing  their  lean,  capacity-saving  muscles  with  3PAR  Utility 
Storage  and  3PAR  Thin  Provisioning! 

Visit  www.3PAR.com/thinkthin  and  weigh  in  using  the  Think  Thin 
Storage  Calculator. 


3  PAR 

Serving  information  Think  Thin.  Think  Green.  Think  3PAR. 


John  Baldoni  [  THINK  TANK _ _ 

Get  Outside  Your 
Comfort  Zone 

To  innovate,  try  learning  trom  the  best,  even  when  that  means  looking 
outside  your  own  field 


long  time  ago  I  had  the  opportunity  to  spend  a  season 

following  the  Grand  Prix  circuit  in  Europe.  My  role  was  that  of 
cameraman,  but  more  often  I  was  a  utility  person,  doing  what¬ 
ever  needed  doing,  especially  when  it  came  to  lifting,  hauling 
or  moving  things.  As  unglamorous  as  my  job  was,  I  did  have  the  opportunity 
to  observe  race  teams  up  close. 


Then,  as  now,  Ferrari  was  king  of  the  hill.  I 
marveled  at  the  raw  power  of  the  highly  tuned 
machines  and  the  synchronized  actions  of  the  pit 
crews.  I  never  thought  that  what  I  was  observing 
would  become  a  model,  a  generation  later,  for  how 
surgeons  manage  patient  care. 

One  of  the  challenging  tasks  that  surgeons 
face  is  the  patient  handoff—  that  is,  transferring  a 
patient  from  the  operating  room  to  a  hospital  room. 
Research  shows  that  such  transfers  account  for  a 
high  percentage  of  patient  errors,  some  of  which 
can  be  injurious.  Why?  According  to  The  Wall  Street 
Journal,  handoffs  require  patient  history,  proper 
medication  and  a  full  assortment  of  equipment,  all 
of  which  need  to  be  managed  with  exquisite  timing 
and  forethought. 

For  just  this  reason,  Great  Ormand  Street  Hos¬ 


pital  in  London  has  partnered  with  Ferrari  racing 
to  discover  how  its  pit  crews  manage  and  plan  for 
routine  events  as  well  as  the  unexpected  ones  that 
occur  during  a  race.  What  the  physicians  learned 
contributed  to  their  development  of  a  new  standard 
for  patient  handoffs.  The  handoffs  resulted  in  a 
significant  reduction  in  technical  and  communica¬ 
tions  errors  that  could  have  been  harmful  to  patient 
health,  according  to  the  Journal  report. 

Look  Beyond  Your  Borders 

Amazing?  In  one  sense,  yes.  But  what  the  good  doc¬ 
tors  did  is  what  savvy  businesspeople  have  done 
for  generations— learning  from  the  best,  even  when 
the  best  is  not  in  your  own  field.  Benchmarking  is 
standard  practice  in  most  companies,  but  often 
such  benchmarking  focuses  on  companies  in  like 


34  NOVEMBER  1,  2007  |  www.cio.com 


Your  potential.  Our  passion. 

Microsoft 


A  Global  Hotel  Company  Analyzing  1.4  Million  Records  a  Day.  How  does  Hilton  forecast  demand  for  its  370,000 

Running  on  Microsoft  SQL  Server  2005.  rooms  and  its  caterin9  services?  They  import  data 

from  six  systems  into  one  data  warehouse  requiring 

7  million  rows,  and  running  on  SQL  Server™  2005  with 
99.98%  uptime.*  See  how  at  microsoft.com/bigdata 


Microsoft 


I ! !  1 1 1 !  1 1 


HUH  John  Baldoni  I  think  tank 


industries.  Manufacturers  study  manufacturers;  healthcare 
providers  study  other  healthcare  providers. 

Such  studies  are  useful,  but  they  only  end  up  generating 
incremental  improvements.  To  make  a  great  leap  forward, 
you  need  to  break  out  of  the  benchmark  to  study  something 
completely  different,  as  the  doctors  who  studied  Ferrari  did. 
Before  embarking  on  such  a  venture,  however,  it’s  good  to 
consider  what  you  hope  to  gain  from  such  an  exploration. 
Here  are  some  questions  to  consider. 

What’s  your  aspiration?  More  than  fifty  years  ago,  one 
man  had  a  harebrained  idea  that  an  amusement  park  could 
be  a  nice  clean  place  where  families  could  come  and  have  a 

good  time.  That  man 
was  Walt  Disney.  He  set 
about  creating  the  mod¬ 
ern-day  theme  park  that 
would  be  based,  at  least 
in  part,  on  animated 
or  movie  attractions  that  his  company  had  created.  People 
thought  he  was  crazy;  the  only  models  for  such  entertainment 
were  traveling  circuses  and  carnivals. 

Disney  was  undeterred.  He  took  as  his  model  the  idea  of 
service  entertainment  in  which  the  park  was  the  stage,  cus¬ 
tomers  were  guests  and  the  total  show  was  the  “unique  guest 


Leadership  Insights 


Read  John  Baldoni's  ON  LEADERSHIP 
column  at  www.cio.com/author/411H. 


cio.com 


experience.”  Not  only  did  Disney  create  a  Magic  Kingdom,  he 
created  a  role  model  for  the  hospitality  industry  itself. 

What  do  you  want  to  improve?  For  generations  of  cus¬ 
tomers,  buying  a  car  was  one  of  the  single  most  unpleasant 
experiences  of  their  lives.  Customers  felt  alternately  irritated, 
hassled  and  mistrusted  every  time  they  walked  onto  a  dealer 
lot.  Such  experiences  are  not  what  Japanese  luxury  carmakers 
wanted  to  follow  when  they  introduced  their  upscale  models 
to  the  U.S.  So  whom  did  they  study  for  comparison?  Not  car 
dealers,  but  luxury  hoteliers.  The  Japanese  put  their  U.S.  deal¬ 
ers  through  an  immersion  course  in  hospitality.  Eventually  the 
entire  auto  industry  caught  on  to  the  practice,  and  today  cus¬ 
tomer  satisfaction  has  improved  over  what  it  was  years  ago. 

What  can  you  learn?  Once  a  year,  the  University  of 
Pennsylvania’s  Wharton  School  puts  its  MBA  candidates 
through  a  one-day  session  at  the  Marine  Corps’  Quantico 
training  center.  There,  future  corporate  leaders  experience 
a  bit  of  the  rigor,  hardship  and  induced  stress  that  Marines 
undergo  in  preparation  for  becoming  officers.  Such  an  experi¬ 
ence  not  only  gets  the  students  out  of  the  classroom,  it  forces 
them  out  of  their  comfort  zone.  It  gives  students  an  appre¬ 
ciation  for  making  decisions  under  pressure  while  feeling 
physically  uncomfortable.  Through  this  experience  they  gain 
insights  into  situational  awareness— that  is,  what  is  happen- 


As  valuable  as  information  and  insights 
gained  from  outside  sources  can  be,  it  is 
essential  to  remain  true  to  your  roots. 

Hospitals  can  learn  from  racing  teams 
about  improving  patient  care,  but  the 
lessons  in  diagnosis,  treatment  and 
therapy  will  come  from  fellow  medical 
professionals. 


ing  around  them  and  what  they  must  do 
about  it. 

Knowing  Your  Limits 

As  valuable  as  information  and  insights 
gained  from  outside  sources  can  be,  it  is 
essential  to  remain  true  to  your  roots.  For 
example,  as  much  as  the  hospitals  can  learn 
from  racing  teams  or  lean  manufacturers 
about  improving  patient  care,  the  lessons 
in  diagnosis,  treatment  and  therapy  will 
come  from  fellow  medical  professionals.  It  is  not  likely  that 
Ferrari  can  teach  doctors  about  cardiac  surgery  techniques, 
any  more  than  a  doctor  can  teach  a  Ferrari  technician  about 
minimizing  fuel  consumption  during  a  race. 

Looking  outside  your  own  world  has  strong  benefits  in 
enabling  you  to  do  what  you  do  better,  but  there  is  another 
advantage.  Looking  beyond  your  own  four  walls  is  liberat¬ 
ing.  By  getting  outside  of  your  own  place,  you  can  observe 
what  others  do.  It  is  like  being  a  traveler  in  a  foreign  land. 
Everything  looks,  feels,  tastes  and  even  acts  different  from 
what  you  are  accustomed  to.  Your  powers  of  observation  are 
heightened;  you  pay  attention  to  the  slightest  details.  And 
in  doing  so,  you  are  exposing  yourself  to  new  ideas.  What’s 


more,  being  in  new  places  stimulates  the  creative  juices. 

You  cannot  help  but  wonder:  What  if  we  did  that  in  our 
place?  Sometimes  the  results  would  be  disastrous,  but  some¬ 
times  magic  occurs.  And  that’s  worth  all  the  observation  in 
the  world.  QQ 


John  Baldoni  is  a  leadership  communications  consultant  who  works 
with  Fortune  500  companies  as  well  as  nonprofits, 
including  the  University  of  Michigan.  He  is  the  author 
of  six  books,  the  most  recent  being  How  Great  Lead¬ 
ers  Get  Great  Results.  Visit  his  leadership  resource 
website  at  www.johnbaldoni.com.  To  comment  on 
this  article,  go  to  www.cio.com/article/ 137000. 


Some  days,  it  feels  like  you’re  being  hit  from  every  angle. 

The  CEO  wants  the  overall  view  of  the  business.  The  CFO  wants  the  variance  to  plan.  And  half 
a  dozen  business  managers  want  their  reports.  Now. 

That’s  why  you  need  Cognos.  We  are  the  experts  in  performance  management,  delivering  the 
only  complete  system  on  a  single  software  platform,  including  reporting,  analysis,  scorecarding, 
planning,  and  forecasting.  It’s  highly  intuitive,  giving  all  your  users  easy  access  to  information 
and  total  confidence  in  their  decisions.  Unlike  SAP  and  Oracle,  we  have  17  years  of  proven 
performance  management  experience.  And  with  over  23,000  satisfied  customers,  we  know 
how  to  make  you  look  like  the  hero  you  are. 

Proceed  with  confidence.™  To  find  out  more,  visit  www.cognos.com/actionhero  today. 


Copyright  ©  2007  Cognos  Incorporated.  All  rights  reserved. 


THE  NEXT  LEVEL  OF  PERFORMANCE  - 


©2007  Verizon  Wireless.  All  Rights  Reserved.  Verizon  Wireless  is  a  registered  trademark  of  Verizon  Trademark  Services  LLC.  All  other  trademarks  are  the  property  of  their  respective  owners. 


|w> 

Access  Built-In 


BUILT-IN 

mobility  to  work  when  and  where  you  need  to. 


No  PC  Cards.  No  hotspots.  Pure  wireless  productivity. 

BroadbandAccess  Built-In  for  browsing  the  Internet,  email,  and  accessing 
company  networks  offers  you  the  freedom  of  working  where  you  need  to  on 
America's  most  reliable  wireless  broadband  network.  Enjoy  the  benefits  of  a 
high-speed  wireless  connection  without  the  need  for  PC  Cards  or  hotspots. 

To  learn  more,  visit  www.verizonwireless.com/BUILTIN. 


FREE  3-DAY  TRIAL 

- AND  UP TO - 

$100  MAIL-IN  REBATE 

with  two-year  activation  on  a  BroadbandAccess  plan.* 


Now  available  from  these  leading  notebook  manufacturers: 


Dei.L  P/3  /enoi/o 

i  I  *  M  I 


Panasonic 

Itoughbook'I 


TOSHIBA 


veriZOn  wireless 


■ 

i*  Rebate  available  on  select  notebooks  from  participating  suppliers  equipped  with  Verizon  Wireless  BroadbandAccess  Built-In.  Offer  good  on  accounts  activated  through  12/31/07,  with 
continuous  service  for  at  least  30  days.  Rebate  takes  up  to  8  weeks.  Activation  fee/line:  $35  ($25  for  $59.99  BroadbandAccess  plan).  Offer  not  available  on  federal,  state,  or  local  government 
lines  of  service.  Cannot  be  combined  with  other  offers.  BroadbandAccess  service  is  available  to  more  than  210  million  people  in  245  major  metropolitan  areas  and  194  primary  airports  in  the 
U.S.  Network  details  and  coverage  maps  at  www.verizonwireless.com.  See  www.verizonwireless.com/bestnetwork  for  details. 


Chris  Potts 


APPLIED  INSIGHT 


Let  the  Business 
Drive  IT  Strategy 


Some  CIOs  are  better  than  others  at  executing  an  IT  strategy.  Their  secret:  a 
simple  plan  that  helps  business  leaders  make  the  right  technology  decisions. 


Those  who  are  skilled  at  executing  a  strategy/'  Sun  Tzu 

wrote,  “bend  the  strategies  of  others  without  conflict.”  This  prin¬ 
ciple  helps  explain  why  some  CIOs  are  having  more  success 
than  others  at  executing  strategy.  The  IT  department  that  held  a 
monopoly  over  its  company’s  IT  is  gone,  and  with  it  the  control-based,  IT-eentric 
strategy  conceived  for  the  mainframe  era.  Changes  in  the  business  environ¬ 


ment  have  rendered  such  strategies  unexecutable. 

With  the  advent  of  Web  2.0  and  the  bizarrely 
named  “shadow  IT,”  CIOs  know  that  their  span  of 
control  over  IT  decisions  is  more  limited  by  the  day. 
Instead,  the  executives,  managers,  staff  and  custom¬ 
ers  at  their  companies  all  have  their  own  de  facto 
IT  strategies.  Faced  with  this  challenge,  CIOs  are 
exploring  their  options,  which  include  abandoning 
the  idea  of  an  IT  strategy,  sticking  with  the  old  way 
(but  often  only  on  paper)  or  forging  a  new  genera¬ 
tion  of  IT  strategies.  Wrapped  up  in  this  decision  is 
the  ultimate  destiny  of  the  CIO  role  itself. 

The  CIO’s  challenge  now  is  to  capture  and  chan¬ 
nel  the  energy  of  individuals’  personal  strategies 
for  exploiting  IT.  Backed  by  a  corporate  purpose 
to  maximize  total  value,  innovate,  constrain  over¬ 
all  cost  and  mitigate  risk,  CIOs  must  focus  on,  as 


Tzu  might  say,  “bending”  some  of  these  personal 
strategies  toward  a  better  conclusion  or— in  the  case 
of  individuals  who  are  pursuing  goals  not  aligned 
with  the  company  strategy— into  a  dead  end. 

The  End  of  IT  Strategy 

Two  inflection  points  have  directed  us  to  where  we 
are  today.  The  first  was  the  switch  to  client-server 
computing  that  started  20-odd  years  ago  and  went 
global  with  the  Internet.  The  second  was  the  busi¬ 
ness  executive’s  response  to  Y2K  and  the  dotcom 
boom.  Businesspeople  stopped  believing  the  IT 
hype,  suspecting  that  investments  were  being  driven 
more  by  suppliers’  strategies  rather  than  by  their 
own.  They  took  control  of  the  IT  agenda  at  the  big- 
picture  level  and  focused  on  two  things  they  under¬ 
stand  very  well:  cost  and  business  innovation. 


40  NOVEMBER  1,  2007  |  www.cio.com 


ADVERTISING  SUPPLEMENT 


.PERSPECTIVES 

Today's  IT  Leaders  on  Market  Trends 


RISK,  COMPLIANCE 
&  SECURITY 

Relentless  Challenges  Require  Integrated  Strategies 


In  today’s  enterprise,  considering  the  risk  of  lost 
opportunity  is  every  bit  as  important  as  addressing 
the  risks  lurking  throughout  an  organization’s  finan¬ 
cial,  legal  and  regulatory,  human  and  operational 
resources.  Historically,  it’s  been  stan¬ 
dard  practice  to  manage  risk,  comply 
with  regulations,  and  secure  techno¬ 
logical  assets  through  independent, 
siloed  departments.  Adopting  such  a 
posture,  however,  limits  an  organiza¬ 
tion’s  ability  to  capitalize  on,  rather 
than  react  to,  risks  no  matter  where 
they  occur. 

Increasingly,  C-level  executives  are 
coming  to  realize  the  domains  of  risk, 
compliance  and  security  don’t  exist  in 
functional  isolation.  Threats  to  any  one 
of  those  domains  have  a  cascading  effect  that  touches  every 
aspect  of  a  business,  no  matter  where  they  originate.  As  a 
result,  risk- adept  organizations  are  reevaluating  the  way  they 
approach  the  domains  of  risk,  compliance  and  security.  To 
complement  governance  activities  such  as  finance,  risk, 
legal,  audit,  information  technology,  and  human  resources, 
businesses  are  developing  new  positions — chief  compliance 
officer,  chief  security  officer — to  increase  visibility  and 
emphasize  the  importance  of  the  organization’s  risk  posture. 
Most  important,  organizations  are  approaching  risk,  com¬ 
pliance  and  security  as  a  single  integrated  challenge,  with  C- 
level  executives  from  CIOs  and  CFOs  to  CCOs  and  CSOs 
addressing  these  issues  in  a  collaborative  manner. 

A  recent  survey  of  executive  and  senior  management  at 
large  enterprises  conducted  by  IDG  Research  Services 
confirmed  that  businesses  are  shifting  from  siloed 
approaches  to  integrated  risk,  compliance  and  security 
strategies.  A  majority  of  respondents  (70  percent)  rate  the 


need  to  address  these  issues  in  an  integrated  manner  as 
either  a  critical  or  high  priority. 

More  than  three-quarters  of  those  surveyed  say  their 
level  of  involvement  in  collaborating  across  the  business 
on  risk,  compliance  and  security 
matters  is  either  “high”  (they’re 
proactive  in  advising  and  support 
deploying  technology)  or  “medium” 
(they  advise  and  support  the  business 
on  request).  Slightly  more  than  a 
third  of  respondents  report  their 
activities  with  these  issues  have 
increased  in  the  past  year.  Nearly  half 
say  they  engage  at  the  same  level  they 
did  in  the  previous  12  months. 

Strategic  Imperatives 

The  legacy  of  siloed  solutions  has  its  roots  in  the  way 
companies  have  defined  C-level  executives’  responsibili¬ 
ties.  CFOs  focused  on  financial  reporting  and  the  busi¬ 
ness’  performance.  The  Chief  Security  Officer  typically 
has  been  a  part  of  IT,  where  mitigating  risk  means  focus¬ 
ing  on  things  like  data  encryption 
and  disaster  recovery.  The  Chief 
Compliance  Officer  focuses  on  acting 
in  accordance  with  Sarbanes-Oxley 
and  other  regulations,  and  the  conse¬ 
quences  of  noncompliance.  But  those 
corporate  officers  now  need  to  be 
more  aware  of  each  other’s  concerns 
and  work  more  collaboratively  as  they 
identify  risk  across  their  domains. 

Not  surprisingly,  most  companies’ 
risk,  compliance  and  security  activi¬ 
ties  become  reactive,  rather  than 


About  CI02CI0 
Perspectives:  This 
peer-based  thought 
leadership  program 
analyzes  quantitative 
research  and  tests 
it  via  qualitative 
interviews  with  actual 
CIOs.  The  resulting 
executive  insight  is 
then  disseminated 
via  CXO’s  multimedia 
assets.  To  learn  more 
about  CI02CI0 
Perspectives, 
please  contact 
mavery@cxo.com. 


Custom  Solutions  Group 


By  J  Management 
flC**  ^Technology 
Consultants 


C  I  O  2  C  I  O 


1 


ADVERTISING  SUPPLEMENT 


proactive.  It’s  difficult  to  think  strategically  when  faced 
with  a  new  regulation,  a  data  security  breach  or  a  natural 
disaster — the  complications  of  everyday  business.  After 
all,  the  goal  is  to  keep  the  enterprise  running,  which 
underscores  the  importance  of  stepping  back  and  devel¬ 
oping  a  strategy  that  sees  the  domains  of  risk,  compliance 
and  security  as  inseparably  intertwined. 

There  are  also  fiscal  and  performance  upsides  to 
doing  so.  Two-thirds  of  respondents  reported  using 
different  applications  and  end-user  computing  tools  to  sup¬ 
port  their  risk,  compliance  and  security  activities 
and  initiatives.  But  piecemeal  solutions  are  costly  solutions. 
Beyond  the  obvious  expenses — those  related  to  deploying 
and  maintaining  point  solutions  to  deal  with  each  new 
threat — come  costs  that  aren’t  immediately  apparent.  For 
example,  when  a  company  operates  in  quick-fix  mode  to 
address  external  mandates,  it  may  not  recognize  that  that 
action  might  cause  a  potential  problem  internally. 

And  costs  compound  in  other  ways.  Bottom  line: 
Treating  the  symptoms  instead  of  the  problem  is  expen¬ 
sive.  But  by  aggregating  initiatives  and  consolidating 
processes  and  systems,  leaders  can  drive  substantial — and 
sustainable — performance  improvement. 

Risk  Is  Both  A  Threat  and  an  Opportunity 

Companies  that  fail  to  develop  integrated  risk, 
compliance  and  security  strategies  limit  their  growth 
potential.  Further,  looking  at  risk  as  both  a  threat  to  be 
mitigated  and  as  an  opportunity  to  gain  competitive 
advantage  can  turn  related  expenses  into  a  solid  return  on 
an  investment.  For  example,  when  considering  compli¬ 


ance  with  a  new  regulation,  consider  putting  processes 
and  systems  in  place  that  deliver  both  compliance  and 
increased  efficiency.  Can  a  new  business  initiative  benefit 
customers  and  at  the  same  time  help  your  company  be 
more  secure  and  more  compliant? 

Fully  79  percent  of  companies  surveyed  indicate  their 
company’s  risk,  compliance  and  security  processes  and  sys¬ 
tems  leave  room  for  improvement.  They  cite  processes  and 
systems  that  don’t  perform  adequately,  a  lack  of  common 
strategy  and,  in  the  worst  cases,  strategy,  planning  and  sys¬ 
tems  that  don’t  address  threats  to  their  organizations. 

But  they're  looking  for  ways  to  improve.  Roughly 
half  of  the  respondents  to  the  IDG  survey  want  to 
implement  enterprise-wide  business  applications  as 
their  company’s  risk,  compliance  and  security  solution. 
Such  solutions  scale  well  across  enterprises  of  differing 
size  and  scope.  The  key  is  to  avoid  duplicating  controls, 
identify  risk  across  the  enterprise,  and  avoid  siloed, 
unintegrated  solutions. 

By  developing  a  fully  integrated  approach  to  risk,  com¬ 
pliance  and  security  across  the  enterprise,  companies  will 
be  able  to  leverage  technology  to  gain  greater  return  on 
investments  and  use  the  opportunities  to  help  develop 
more  agile  business  models  that  let  you  capitalize  on, 
rather  than  react  to,  threats  no  matter  where  they  occur.  ■ 


Go  to  www.cio.com/whitepapers/rcs 

to  obtain  a  free  download  of  the  complete  white  paper  “Where  Risk, 
Compliance,  and  Security  Intersect.  ”  Based  on  a  major  research  survey 
by  IDG  Research  Services,  this  just-released  white  paper  features  in- 
depth  discussions  with  CIOs  and  draws  on  peer  insights  to  help  CIOs 
create  more  effective  and  ejfcient  IT  systems. 


The  Risk-Adept  Risk  Management  Framework 


While  many  consulting  firms  help  businesses  address  their 
risk,  compliance,  and  security  problems,  few  focus  on  the 
interconnected  nature  of  these  activities.  BearingPoint,  a  lead¬ 
ing  management  and  technology  consulting  company  that 
serves  the  Global  2000  and  many  of  the  world’s  largest  public 
services  organizations,  offers  a  different  approach.  Its  Risk 
Management  Framework  is  designed  to  consider  a  company’s 
business  strategy,  process  and  technology  and  apply  it  to 
industry  leading  practices  and  models.  In  the  case  of  risk  man¬ 
agement,  it  uses  the  COSO  ERM  (Committee  of  Sponsoring 
Organizations  of  the  Treadway  Commission  Enterprise  Risk 
Management)  framework. 

JR  Reagan,  BearingPoint  Managing  Director  and  Global 
Solution  Leader,  Risk,  Compliance  and  Security,  says,  "As  gov¬ 


ernment  and  industrial  regulations  proliferate,  enterprises  are 
coming  to  realize  there  are  more  regulations  than  they  can  real¬ 
istically  be  compliant  with.’’ 

As  a  result,  companies  must  to  be  more  strategic  in  their 
approach  to  risk,  compliance  and  security,  implementing  a 
framework  that  integrates  these  domains.  Reagan  says,  “Only 
then  will  their  risk,  compliance  and  security  framework  accom¬ 
modate  the  unexpected  when  it  comes.” 

“What  does  being  'risk  adept’  and  applying  an  integrated 
framework  buy  you?”  Reagan  asks.  “Your  risk,  compliance  and 
security  initiatives  can  meet  the  immediate  reactive  needs  plus 
add  tangible  value  to  the  business.  You  respond  faster,  seizing 
opportunities  before  your  competitors  can  act.  Risk  can  become 
a  driver  of  improved  business  performance  and  insight.” 


hub 

Custom  Solutions  Group 


CI02CIQ 


2 


ClO.com’s  e-Mail  Newsletters 

The  Updated 

Management  & 

Enterprise 

Information  You  Want 

Delivered  right  to  your  desktop. 

It’s  the  best  way  to  keep  one  step  ahead  of  the  competition. 

US  Advice  &  Opinion 

□  CIO  News  Watch 

This  week’s  top  advice  &  opinion  postings. 

The  week’s  top  news  stories. 

Q  CIO  Careers 

□  CIO  Mobile 

Advice  for  your  career  plus  job  postings. 

Providing  information  on  emerging  wireless 

US  CIO  Enterprise 

technologies  and  infrastructure. 

Enterprise-level  technology  information, 

□  CIO  SOA 

news  and  tools. 

Your  resource  for  service-oriented  and 

US  CIO  Enterprise  Applications 

enterprise  architecture. 

A  CIO’s  monthly  guide  for  enterprise 

□  CIO  Tech  Poll 

resource  planning. 

Results  of  our  quarterly  survey,  covering  IT’s 

US  CIO  Information  Security 

overall  health  as  well  as  spending  and  trends. 

IT  security  information  and  news  the  CIO 

□  CIO  Tech  Watch 

needs  to  know  about. 

The  latest  IT  news,  reviews  &  analysis. 

□  CIO  Insider 

LI  CIO  Whitepapers 

Your  guide  to  the  latest  from  CIO.com. 

Your  guide  to  new  and  upcoming  whitepapers. 

US  CIO  Leader 

US  Research  from  CIO 

Updates,  insights  and  advice  from 

Highlights  of  CIO’s  most  recent  IT  research. 

CIO.com  on  hiring,  firing  and  inspiring. 

Sign  up  now  for  ClO.com’s  complimentary  e-mail  newsletters 

www.cio.com/newsletters 

[ 

WE 

Business  Technology  Leadership 

r 


Chris  Potts  APPLIED  insight 


These  two  inflections  put  IT  decision  making  in  the  hands 
of  nontechnologists  at  both  operational  and  strategic  levels. 
Yet  formal  strategies  for  IT  have  largely  remained  the  prov¬ 
ince  of  IT  departments  and  vendors.  Few  non-IT  executives 
and  managers  have  defined  their  strategies  for  investing  in  IT; 
such  strategies  are,  therefore,  de  facto.  CIOs  can  either  let  these 
de  facto  strategies  be,  rely  on  an  orthodox  IT  strategy  or  lead 
a  business-defined  strategy  for  exploiting  technology. 

So  far,  CIOs’  responses  have  been  mixed.  Some  have  con¬ 
tinued  with  an  orthodox  IT  strategy.  Others  have  abandoned 
having  a  strategy  for  IT,  which  is  reasonable  if  the  company 
is  an  expert  consumer  of  IT  and  can  bend  the  strategies  that 
its  vendors  and  partners  attempt  to  impose. 

Some  CIOs  have  taken  the  third  approach.  They  are  col- 

Strategies  for  IT  are  becoming 
integral  to  business  strategies, 
and  the  value  of  having  a 
corporate  CIO  needs  to  be 
discovered  all  over. 


;  ' 
!  I 


laborating  with  their  executive  colleagues  to  formulate,  ratify 
and  execute  a  corporate  strategy  for  IT.  This  is  different  from 
the  traditional  strategy  that  consists  of  tens  or  hundreds  of 
pages  of  diagrams  and  prose  and  can  take  months  to  develop. 
The  business-defined  strategy  can  be  formulated  in  days  and 
summarized  on  one  page.  It’s  easy  to  understand,  explore  and 
remember,  as  well  as  apply  to  everyday  decisions. 

A  Strategy  for  the  Future 

This  simple  strategy  has  three  sections:  the  promise  (the 
business  outcome  the  strategy  will  achieve),  key  principles 
(truths  that  apply  to  every  IT  decision)  and  core  tactics  (the 
things  the  company  will  do  to  execute  the  strategy). 

Although  each  strategy  for  exploiting  IT  is  unique,  all 
have  some  comparable  features.  Each  is  a  bona  fide  corporate 
strategy,  not  that  of  a  technology  supplier  or  a  group  of  tech¬ 
nicians.  With  a  promise  to  create  maximum  value,  its  first 
principle  recognizes  that  IT,  on  its  own,  creates  no  value.  A 

standalone  IT  invest- 


More  from  Chris  Potts 


ment  budget  is  there¬ 
fore  illogical,  so  a  core 
tactic  is  to  integrate  IT 
investments  with  the 
business  plans  that 
need  them  and  manage 
the  big  picture. 

Such  a  strategy  focuses  primarily  on  the  community  of 
technology  users.  Whereas  traditional  IT  strategies  were 
mainly  about  the  IT  department  and  its  suppliers,  the 


Read  why  CIOS  ARE  PESSIMISTIC  and 

join  the  discussion  at  advice.cio.com/ 
chris_potts/the_main_proponents_ 
of_cio_bashing_are_cios_themselves_ 
apparently. 

cio.com 


new  strategy  focuses  on  the  people  who  shape,  source  and 
exploit  their  company’s  IT  investments.  Calling  those  people 
“shadow  IT”  exposes  a  mind-set  that  is  dangerously  at  odds 
with  today’s  reality  and  risks  further  marginalizing  the  IT 
department  from  everyone  else. 

Whither  the  CIO? 

Strategies  for  exploiting  IT  are  already  becoming  integral 
to  broader  business  strategies,  and  in  this  new  context  the 
value  of  having  a  corporate-level  CIO  needs  to  be  discovered 
all  over  again.  The  role  will  adapt  and  evolve,  potentially  into 
something  different  and  even  more  valuable. 

I  was  recently  with  a  U.S.-based  multinational  company, 
helping  it  define  its  strategy  for  optimizing  the  portfolio  of 
businesses  it  has  acquired  over  the  past  few  years.  The  prom¬ 
ise  of  this  strategy— -its  value  proposition— is  to  enhance  bot¬ 
tom-line  performance  by  better  sharing  common  capabilities 
and  without  building  a  shared  services  monolith. 

One  dimension  of  this  strategy  concerns  the  company’s  pro¬ 
cesses,  systems  and  technologies.  To  address  this,  it  is  adopt¬ 
ing  Web  2.0-style  collaboration-based  thinking  (though  not 
necessarily  Web  2.0  technologies)  to  create  a  community  of 
business  unit  CIOs  who  share  and  exploit  their  local  technol¬ 
ogy  investments  for  both  business  unit  and  corporate  gain. 

The  company  set  out  with  the  idea  that  it  might  need  a  cor¬ 
porate  CIO,  but  everyone  is  struggling  to  see  the  value  of  hav¬ 
ing  one.  Instead,  the  solution  it  is  exploring  is  to  have  a  global 
CTO  responsible  for  technology  services  and  reporting  to  the 
COO.  In  place  of  a  corporate  CIO  it  is  looking  to  appoint  a  VP  of 
investments  in  change,  accountable  for  the  return  the  company 
gets  from  all  the  changes  it  invests  in. 

Similar  models  are  emerging  elsewhere,  as  executives  real¬ 
ize  that  their  problems  with  IT  investments  are  a  symptom  of 
problems  within  their  culture  when  it  comes  to  investing  in 
change— problems  that  many  CIOs  do  not  appear  motivated 
or  qualified  to  resolve. 

These  are  strong  signals  for  CIOs  to  focus  the  IT  conversa¬ 
tion  on  exploiting  technology  investments  in  the  context  of 
value-creating  business  change,  and  to  keep  the  technology 
strategy  both  meaningful  and  simple.  In  this  way,  the  CIO 
can  emerge  as  her  company’s  strategic  investor  in  change, 
rather  than  become  marginalized  or  obsolete— provided,  of 
course,  that  CIOs  grasp  and  bend  the  golden  opportunities 
that  their  technology-savvy  colleagues  and  developments 
such  as  Web  2.0  offer.  BQ 


Chris  Potts  is  director  of  Dominic  Barrow,  a  London- 
based  consultancy.  He  can  be  reached  at  cdpotts@ 
dominicbarrow.com.  To  read  a  longer  version 
of  this  article  and  submit  your  comments,  go  to 
www.  cio.  com/article/135202. 


42  NOVEMBER  1,  2007  |  www.cio.com 


— 


End-to-end  enterprise  reliability. 

Fujitsu  PRIMEQUEST™  Servers.  Proven  reliability  to  span  your  enterprise  needs 


Fujitsu  PRIMEQUEST  servers  reflect  our  vast  mainframe  experience  as  well  as  our  deep  commitment  to  reliability. 
With  up  to  32  Intel®  Itanium®  2  Processors  each,  these  powerful,  enterprise-class  servers  will  drive  your  costs  down  by 
using  server  consolidation  to  bridge  the  gap  between  Microsoft®  Windows®  or  Linux®  applications  and  mainframe-class 
scalability,  performance,  and  reliability.  Go  to  us.fujitsu.com/computers/reliability2  for  more  information. 


SYSTEM  MIRROR  fault-immunity  transparently 
guards  against  hardware  errors 


LOWER  TOO  with  integrated  facilities 
that  simplify  administrative  tasks 


FUJITSU 


THE  POSSIBILITIES  ARE  INFINITE 


Itanium  2 

inside" 

Dual-core. 
Do  more. 


I  ©  200?  Fujitsu Computer  Systems  Corporation.  AH  rights  reserved  Fujitsu,  the  Fujitsu  logo  and  PRIMEQUEST  are  trademarks  or  registered  trademarks  ct  Fujitsu  unwed  «.lt«t tinted  States  ano other  countnes  m 
Inside  Logo.  Itanium,  and  Itanium  inside  are  trademarks  or  registered  trademarks  ot  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Microsoft  and  Windows  are  registered  trademarks  or 
m  the  United  States  and/or  other  countries.  Linux  is  the  registered  trademark  of  Unus  TorvaWs  in  the  U.S.  and  other  countries.  All  othar  trademarks  mentioned  herein  are  tlie  property  ot  then  respective  orvners. 


Together. 

Free  your  energies 


We  are  convinced  that  without  freedom  of  action,  there  can  be  no  ambition.  As  a  worldwide 
leader  in  consulting,  technology  services  and  outsourcing,  we  help  you  to  transform  your 
energies  into  tangible  results.  To  move  forward.  And  because  your  problem  is  unique,  the 
solution  will  be  too:  we  work  together  to  find  the  best  answer  for  you.  We  call  this  way  of 
working  together  the  Collaborative  Business  Experience.  What  we’re  known  for.  It  brings 
greater  flexibility,  reactivity  and  creativity,  qualities  that  determine  your  performance. 

Visit  us  at  www.capgemini.com 


Capgemiri 

CONSULTING. TECHNOLOGY. OUTSOURCIN 


Cover  Story  |  Customer  Focus 


Wal-Mart 

Lost  Its 


Two  decades  ago,  the  world’s  number-one  retailer  used  IT  to  reinvent  global 
supply  chains.  Now  Web  2.0  technologies  are  forcing  retailers  to  pay  more  attention 
to  customers.  No  longer  an  IT  leader,  Wal-Mart  is  at  a  crossroads. 


Reader  ROI 

::  How  the  Web  changed 
Wal-Mart’s  IT  needs 

::  The  company’s  approach 
to  technology  leadership 

::  What  IT  leaders  must  do 
to  enable  a  strong  cus¬ 
tomer  focus 


Sam  Walton  didn’t  care  much  for  technology. 

The  legendary  patriarch  of  Wal-Mart  Stores  was  well  known  for  his  lack  of  excite¬ 
ment  about  “computers,”  as  he  called  the  company’s  IT  systems.  “Truthfully,  I 
never  viewed  computers  as  anything  more  than  necessary  overhead,”  he  wrote 
in  his  1992  memoir,  Made  in  America.  “A  computer  is  not— and  will  never  be— a 
substitute  for  getting  out  in  your  stores  and  learning  what’s  going  on.” 

If  Walton  were  alive  today  (he  died  the  year  his  book  was  published),  he  might 
be  saying,  I  told  you  so. 

Many  still  consider  Wal-Mart’s  pioneering,  IT-driven  supply  chain  to  be  the 
world’s  most  efficient,  and  the  company’s  technology  standards  still  command 
respectful  attention  from  its  thousands  of  suppliers.  But  the  $349  billion  retailer 
is  stumbling,  and  IT  has  played  a  role  in  its  woes. 

Last  year,  the  Bentonville,  Ark.-based  behemoth  sold  its  stores  in  South  Korea 


www.cio.com  |  NOVEMBER  1,  2007  45 


Cover  Story 


Customer  Focus 


and  Germany  (incurring  a  $1  billion 
loss  in  Germany  alone),  reportedly 
due  to  its  inability  to  adapt  to  the  local 
cultures  and  unseat  established  play¬ 
ers.  At  home,  Wal-Mart  twice  reduced 
the  number  of  new  U.S.  supercenters  it 
planned  to  open  this  year— the  second 
time,  in  June,  by  30  percent.  In  August, 
the  company  reported  that  it  had  missed 
second-quarter  profit  estimates  and 
warned  that  its  profits  would  be  lower 
than  expected  for  2007. 

Wal-Mart  executives  blamed  this 
slump  on  the  effect  of  high  energy 
prices  on  its  low-income  core  shop¬ 
pers,  as  well  as  the  company’s  failure 
to  move  to  new  high-end  apparel  and 
home-decor  merchandise.  Analysts 
blame  Wal-Mart’s  inattention  to  cus¬ 
tomer  service  at  home,  merchandising 
mistakes  and  its  insensitivity  to  local 
markets  abroad.  Meanwhile,  Wal- 
Mart  has  struggled  online.  Its  website 
lags  behind  competitors  like  Amazon 
.com  and  Target,  and  recent  marketing 
experiments  using  social  networking 
technologies  have  achieved  mixed  suc¬ 
cess.  The  company  has  even  suffered 
in  its  sweet  spot,  with  serious  setbacks 
to  its  deployment  of  radio  frequency 
identification  (RFID)  tags  throughout 
its  supply  chain.  (Wal-Mart  declined 
repeated  requests  for  interviews  with 
CIO  Rollin  Ford  and  others.) 

The  company’s  performance,  said 
President  and  CEO  Lee  Scott  in  a  press 
release,  “is  not  what  we  expect  of  our¬ 
selves,  and  not  what  our  sharehold¬ 
ers  expect  of  us.”  He  said  management 
would  spend  the  rest  of  this  year  “focused 
on  inventory  improvements,  delivering 
quality  products  at  low  prices,  and  store 
execution  at  the  highest  standards.” 

At  the  Crossroads 

Wal-Mart  today  is  caught  between 
two  worlds:  Walton’s,  where  a  zealous 
commitment  to  “everyday  low  prices” 
is  enforced  (despite  Walton’s  skepticism 
about  “computers”)  by  IT-assisted  deci¬ 
sions  made  in  Bentonville,  and  a  new 
global  marketplace  in  which  the  retail¬ 
er’s  sheer  size  is  not  as  big  an  advantage 


45  Years  of  Wal-Mart  IT 

How  the  retail  giant  applied  technology 
to  cope  with  growth  and  fuel  its  global  expansion. 


1962  0  First  Wal-Mart 
opens  in  Rogers,  Ark. 

1975  3  With  more  than 
125  stores  and  $340.3 
million  in  sales,  Wal-Mart 
leases  an  IBM  370/135 
computer  system  to 
maintain  inventory  con¬ 
trol  for  all  merchandise 
in  the  warehouse  and 
distribution  centers  and 
to  prepare  income  state¬ 
ments  for  each  store. 


1985  0  Wal-Mart  has  882 
stores  and  sales  of  $8.4 
billion. 

1987  O  Wal-Mart  com¬ 
pletes  what  is  at  the  time 
the  largest  private  satel¬ 
lite  communication  sys¬ 
tem  in  the  United  States. 
It  links  all  operating  units 
of  company  and  head¬ 
quarters  with  two-way 
voice,  data  and  one-way 
video  communication. 


Electronic  cash  registers 
in  more  than  100  Wal- 
Mart  stores  record  point- 
of-sale  (POS)  data  to 
maintain  inventory. 


19770  Wal-Mart  builds  a 
companywide  computer 
network  and  deploys  a 
system  for  ordering  mer¬ 
chandise  from  suppliers. 


A  check-in  system 
designed  to  take  full 
advantage  of  container 
bar-code  labeling  is  in  the 
back  room  of  every  Wal- 
Mart  store. 

1990  O  A  data  warehouse 
prototype  is  created  to 
store  historical  sales 
data. 


1979  O  Wal-Mart  sales 
top  $1.2  billion,  making 
it  the  first  company  to 
reach  $1  billion  in  sales— 
in  only  17  years.  The 
company  builds  a  com¬ 
puter  center  and  installs 
the  first  terminal  in  a 
store:  an  IBM  3774. 

1983  3  The  company 
begins  to  use  bar  codes 
for  scanning  POS  data. 

1984  3  Store  associ¬ 
ates  start  using  Texlon 
handheld  terminals  when 
reordering  merchandise. 
Upon  scanning  a  shelf 
label,  the  unit  provides  a 
description  of  the  mer¬ 
chandise,  information  on 
prior  quantities  ordered 
and  other  data. 

Bob  Martin  is  named  CIO. 


1992  3  Wal-Mart  deploys 
the  Retail  Link  system 
to  strengthen  supplier 
partnerships.  The  system 
provides  vendors  infor¬ 
mation  on  sale  trends  and 
inventory  levels. 

19933  Randy  Mott 
becomes  CIO. 

1995  3  Wal-Mart  has 
stores  in  50  states,  for  a 
total  of  1,995  Wal-Mart 
stores,  239  Supercent¬ 
ers,  433  Sam’s  Clubs  and 
276  international  stores. 
Sales  top  $93.6  billion. 

1996  3  Wal-Mart  makes 
Retail  Link  and  EDI  avail¬ 
able  via  the  Internet  and 
begins  using  the  Internet 
as  an  application  platform. 

Wal-Mart  and  Sam’s  Club 
launch  online  stores. 


2000  3  Kevin  Turner 
becomes  CIO. 

2002  3  Wal-Mart 
chooses  the  Internet 
for  data  exchange  with 
thousands  of  its  global 
suppliers. 

Linda  Dillman  becomes 
CIO. 

Wal-Mart  has  its  biggest 
single-day  sales  in  his¬ 
tory:  $1.43  billion  on  the 
day  after  Thanksgiving. 

2004  3  Wal-Mart 
announces  it  will  deploy 
radio  frequency  identifi¬ 
cation  (RFID)  technology 
on  Jan.  1,  2005. 

2006  3  Rollin  Ford  is 
named  CIO. 

Wal-Mart  redesigns 
Walmart.com,  starts 
experimenting  with  Web 
2.0  and  social  networking 
tools,  and  contracts  with 
Oracle  and  Hewlett-Pack¬ 
ard  to  use  their  price- 
optimization  and  Bl  retail 
applications. 

The  company  ends  the 
year  with  $349  billion 
in  sales,  nearly  2  million 
employees  and  6,775 
stores  worldwide. 

2007  3  Wal-Mart 
launches  Site  to  Store 
service,  enabling  online 
customers  to  pick  up 
merchandise  in  stores. 

-T.W. 

SOURCES:  Academy  of  Informa¬ 
tion  &  Management  Sciences 
Journal,  2006;  CIO  reporting; 
Walmart.com 


46  NOVEMBER  1,  2007  |  www.cio.com 


Promise  what  we  deliver. 

Deliver  what  we  promise.  That's 

certainty 


Critical  situations.  Ruthless  competition.  Unforgiving  customers.  Thankfully  you  can  be  absolutely 
sure  of  your  IT  solutions  with  Tata  Consultancy  Services  (TCS).  As  one  of  the  world's  fastest 
growing  technology  and  business  solutions  providers,  TCS  has  built  a  reputation  of  delivery 
excellence  based  on  world-class  IT  solutions  that  are  on  time,  within  budget  and  consistently 
deliver  superior  quality.  So,  it  comes  as  no  surprise  that  we  pioneered  the  concept  of  the  Global 
Network  Delivery  Model.  Developed  Innovation  Labs  and  Solution  Accelerators.  Achieving 
a  level  of  delivery  excellence  that  provides  greater  value  to  our  customers  and  is  the  industry 
benchmark.  Enabling  our  clients  to  experience  certainty. 


TATA  CONSULTANCY  SERVICES 

Experience  certainty. 

IT  Services  ■  Business  Solutions  ■  Outsourcing 


To  learn  how  your  business  can  experience  certainty,  visit  www.tcs.com 


Cover  Story  |  Customer  Focus 


as  it  once  was.  Competitors  such  as  Target 
and  Tesco  can  match  Wal-Mart  in  tech¬ 
nological  sophistication  and  surpass  it 
by  innovating  in  new  retailing  segments 
with  higher-margin  goods. 

“Wal-Mart  was  making  their  margins 
on  sourcing  and  great  technology  sys¬ 
tems,  but  everyone  has  got  that  now,”  says 
Patricia  Edwards,  a  portfolio  manager  and 
managing  director  at  Wentworth,  Hauser 
and  Violich  who  focuses  on  retail. 


partner  with  Retail  Systems  Research. 

In  fact,  it  does  appear  that  the  big  ol’ 
dog  is  learning  some  new  tricks.  In  2006 
Wal-Mart  bought  retail  applica 
tions  from  HP  and  Oracle,  and 
quietly  contracted  with  a 
social  networking  company, 

Bazaarvoice.  It’s  clear  that 
just  squeezing  more  pen¬ 
nies  out  of  the  supply  chain 
won’t  cut  it  anymore. 


One  challenge  for  Walmart.com  is  similar 

to  what  it  faces  in  its  stores:  a  disconnect 
between  what  it  is  selling  and  what  its 
customers  want  to  buy.  If  its  core  shoppers 
aren’t  buying  upscale  clothes  and  home 

decor  products  in  the  store, 
they’re  unlikely  to  buy  them  online. 


The  question  for  Wal-Mart  CIO  Ford 
is  how  much  the  legendary  IT  infrastruc¬ 
ture  and  supply  chain  systems  that  turned 
Wal-Mart  into  a  juggernaut  (it  has  nearly 
2  million  employees  and  6,775  stores 
worldwide)  can  help  right  a  listing  ship. 
The  command-and-control,  technology- 
enabled  culture  that  allowed  Wal-Mart  to 
flourish  may  not  help  it  maintain  its  market 
dominance.  Greg  Buzek,  president  of  IHL 
Consulting  Group,  which  advises  retailers, 
says  that  store  managers  say  in  key  areas 
where  Wal-Mart  has  tried  to  grow,  such  as 
in  apparel  sales,  the  company  has  relied  too 
much  on  centralized  decision  making— for 
example,  letting  corporate  systems  override 
local  input  about  what  items  to  stock. 

Moreover,  analysts  say  that  Wal-Mart’s 
reliance  on  homegrown  IT  systems— and 
its  conviction  of  their  superiority— needs  to 
change.  Ford  and  his  team,  they  say,  must 
bring  in  best-of-breed  commercial  applica¬ 
tions,  such  as  business  intelligence  (BI)  and 
price-optimization  tools,  that  can  help  it 
compete  with  rising  retail  superstars  such 
as  Target,  JCPenney  and  Tesco.  “We  can¬ 
not  overestimate  how  much  packaged  soft¬ 
ware  can  help  them  right  now,”  says  Paula 
Rosenblum,  an  analyst  and  managing 


“For  years,  Wal-Mart  was  held  up  as 
a  shining  example  of  cutting-edge  think¬ 
ing  in  retail  technology,”  says  Edwards. 
“But  today,  when  I  hear  about  a  retailer 
doing  something  cutting  edge,  it’s  never 
Wal-Mart  being  talked  about.” 

The  Good  Old  Days 

It’s  hard  to  imagine  Wal-Mart  as  a 
scrappy  underdog,  but  that’s  what  it  was 
in  the  1960s  and  ’70s.  Walton  was  often 
heralded  as  a  modern-day  Robin  Hood, 
building  his  retail  discount  chain  for  the 
cost-conscious  masses. 

Despite  Walton’s  aversion  to  technol¬ 
ogy,  he  assembled  a  team  that  was  cer¬ 
tain  IT  could  be  a  game  changer— and 
that  wasn’t  afraid  to  challenge  his  Lud¬ 
dite  views.  “[Sam]  was  smart  enough 
to  know  we  needed  technology,”  recalls 
Bob  Martin,  who  as  CIO  from  1984  to  1993 
and  a  member  of  the  Wal-Mart  executive 
committee  from  1985  to  1999  gets  much  of 
the  credit  for  Wal-Mart’s  IT  innovations. 
“[But]  he  made  sure  the  technology  never 
got  in  the  way  of  keeping  our  people.” 

The  emphasis  on  developing  top  man¬ 
agement  talent  extended  to  the  IT  depart¬ 
ment.  Just  as  GE  is  known  for  turning  out 


CEOs,  Wal-Mart  has  produced  several  of 
today’s  top  technology  leaders  (see  “Six 
Degrees  of  Randy  Mott,”  Page  50).  Randy 
Mott,  who  succeeded  Martin,  was 
CIO  of  Dell  and  is  now  CIO  of 
HP;  Kevin  Turner,  who  fol¬ 
lowed  Mott,  is  COO  of  Micro¬ 
soft.  Rick  Dalzell,  who  as  VP  of 
IS  developed  Wal-Mart’s  data 
warehousing  systems,  is  retir¬ 
ing  this  year  as  CIO  of  Amazon 
.com,  where  he  is  credited  with  cre¬ 
ating  Amazon’s  legendary  e-commerce 
engine  and  CRM  system  for  gathering  and 
analyzing  customer  and  sales  data. 

“They  are  the  kind  of  people  that 
flourished  in  a  competitive  environment 
where  innovation  was  a  premium,  where 
risk  was  allowed,”  Martin  says.  “We  all 
had  one  mission:  to  be  number  one.  We 
were  not  caught  up  in  our  own  egos.”  Says 
Turner:  “We  believed  in  the  power  of  the 
team  to  do  extraordinary  things.” 

That  team  had  a  killer  instinct.  Mott 
says  his  22  years  at  Wal-Mart  nurtured  his 
competitiveness.  “I  hate  to  lose,”  he  says. 
Martin,  meanwhile,  pushed  his  troops 
hard.  “Tough  love,”  Turner  calls  it.  Martin 
concedes  as  much.  “I  guess  it’s  part  of  my 
DNA,”  he  says.  “It’s  a  quality  that  when  it’s 
governed  well  is  a  good  quality.  To  a  large 
extent,  it’s  a  culture  of  Wal-Mart.” 

With  that  culture  in  place,  Wal-Mart 
IT  emerged  as  a  major  influence  not  just 
in  retail  but  also  in  the  supply  chain,  B2B 
communications  and  data  processing 
fields.  “They  didn’t  make  a  move  without 
everyone  in  their  industry  and  beyond 
copying  them,”  says  John  Fontanella,  VP 
of  research  at  AMR  Research.  “So  many 
ideas  that  are  commonplace  today  came 
out  of  Wal-Mart  at  that  time.”  (See  “45 
Years  of  Wal-Mart  IT,”  Page  46.) 

For  example,  Wal-Mart  was  an  early 
adopter  of  bar-code  scanning  and  was  the 
first  retailer  to  use  satellite  technologies 
that  enabled  daily  inventory  feeds  into  its 
distribution  systems.  It  also  pushed  the 
envelope  on  data  storage  in  a  corporate 
environment  (cataloging  more  than  100 
terabytes— a  huge  amount  of  data  for  the 
time)  and  exhorted  the  retail  industry  to 
adopt  electronic  data  interchange  (EDI) 


48  NOVEMBER  1,  2007  |  www.cio.com 


Your  CEO  will  want  Telepresence. 
Get  in  front  of  it...  Now! 


The  worldwide  leader  in  video  and  voice  is  the  real 

presence  in  telepresence. 


•  100%  standards-based  to  fit  into  your  environment 

•  Simple  to  manage  and  maintain 

•  Low  footprint,  lowest  bandwidth  consumption 

•  Flexible  room  configuration  from  4  seats  to 
28  seats  to  suit  your  application 

•  Patented  EyeConnect™  technology  and  true  stereo  HD  audio 
for  a  more  natural,  fully  immersive  meeting  experience 

•  RealPresence™  Experience  with  up  to  48:9  aspect 

ratio  screen  with  Cinematic  View 

POLYCOM* 

TOGETHER,  GREAT  THINGS  HAPPEN. 


www.polycom.com/rpx/cio 


Cover  Story  |  Customer  Focus 


for  purchase  orders  and  invoices. 

But  it  was  the  joint  effort  with  Procter 
&  Gamble  in  the  late  1980s  to  develop  a 
continuous  replenishment  system  that 
enabled  Wal-Mart  to  transform  supply 
chain  management.  Beginning  in  1992, 
Wal-Mart’s  Retail  Link  system  integrated 
point-of-sale  (POS)  and  store-shelf  data 
to  automatically  trigger  manufacturing 
orders  to  its  suppliers  when  stocks  were 
low.  Wal-Mart  eventually  mandated  that 
its  top  2,000  suppliers  integrate  with 
Retail  Link,  and  everyone  got  on  board.  It 
was  a  sign  of  Wal-Mart’s  growing  power, 
though  its  ability  to  dictate  to  its  partners 
was  never  universally  applauded.  Says 
Bobby  Cameron,  a  principal  analyst  at 
Forrester  Research:  “The  gorillas  dance 
together,  but  the  monkeys  dance  to  not 
get  stepped  on.” 

Martin  recalls  that  the  mandate  worked 
because  suppliers  got  something  in  return. 
“We  let  our  suppliers  have  access  to  the 
same  information  [about  sales]  that  our 
buyers  did,”  he  says.  Even  though  manage¬ 
ment  sought  to  keep  control  of  IT  firmly 
centralized,  Martin,  Mott  and  Turner 
always  sought  buy-in  for  projects  from  the 
bottom  up.  “We’d  start  with  the  customer 
and  work  backward,”  Turner  recalls. 

IT  would  generate  a  great  idea,  and 
“they’d  bring  it  all  the  way  down  to  the  store 
managers,  even  to  the  associate  level,”  con¬ 
curs  analyst  Fontanella.  “Everyone  had  to 
buy  into  it.  There  was  no  innovation  that 
they  did  that  was  thought  up  at  the  corpo¬ 
rate  level  and  forced  down  into  stores.” 

That  culture  of  enterprisewide  buy-in, 
combined  with  a  surging  belief  in  using  IT 
to  drive  the  business,  recalls  Mott,  “really 
allowed  us  to  play  a  role  and  to  think  about 
IT  a  little  ahead,  if  not  a  lot  ahead,  of  some 
other  companies  in  our  time.” 


The  RFID  Experiment 

Inside  CIO  Ford’s  IT  department  today, 
success  on  such  a  grand  scale  has  been 
harder  to  come  by.  Ford,  a  logistics  and 
supply  chain  expert  who  has  been  with 
Wal-Mart  for  20  years,  took  over  in  2006 
from  Linda  Dillman,  who  was  reassigned 
as  executive  vice  president  of  risk  man¬ 
agement,  benefits  and  sustainability 


of  Randy  Mott 


The  former  Wal-Mart  CIO  and  his  ex-colleagues 
are  a  who’s  who  of  corporate  IT  leadership 


The  man  whom  former  Wal-Mart  CIO  Randy  Mott  calls  his  mentor,  Bob 

Martin  (Wal-Mart’s  CIO  from  1984  to  1993),  says  his  protege  is  an  "excep¬ 
tionally  bright”  and  "highly  competitive”  leader.  But  smarts  and  ambition 
aren't  the  only  ingredients  to  a  successful  career.  Who  you  know  helps,  too. 

When  Mott  joined  HP  in  2005  (after  a  stint  at  Dell),  he  reunited  with  an 
old  pal— CEO  Mark  Hurd.  They  met  when  Hurd  was  selling  NCR  gear  to  Mott 
at  Wal-Mart.  Mott,  meanwhile,  claims  he  has  mentored  10  C-level  executives 
across  multiple  industries  within  the  Fortune  100,  some  of  whom  he  brought 
to  HP.  Here’s  a  sampling  of  the  IT  heavyweights  who  have  a  connection  to  Mott. 

Kevin  Turner 

In  1999,  Mott  promoted  Turner  to  assistant  CIO— a  newly  created  position. 
When  Mott  left  for  Dell,  Turner  got  his  job,  and  later  became  president  of 
Sam's  Club.  In  2005  he  became  Microsoft’s  COO.  While  Mott  received  a 
$2.2  million  signing  bonus  from  HP,  Turner  bested  his  old  boss  with  a  $7 
million  incentive. 

Rick  Daizeii 

Dalzell,  who  is  retiring  this  year  as  CIO  of  Amazon.com,  honed  his  data 
warehousing  chops  at  Wal-Mart  under  Mott.  Amazon  founder  Jeff  Bezos 
plucked  Dalzell  out  of  Wal-Mart  in  1997.  Dalzell  went  on  to  create  Amazon’s 
legendary  e-commerce  engine  and  its  CRM  system  for  analyzing  customer 
and  sales  data.  Wal-Mart  retaliated  by  suing  Amazon  (among  others)  for 
allegedly  stealing  Wal-Mart’s  trade  secrets  by  pilfering  its  IT  workers.  The 
suit  was  settled  in  1999. 

Linda  Dillman 

The  CIO  of  Wal-Mart  from  2002  to  2006  joined  the  retailer  in  1991,  when 
Wal-Mart  acquired  her  company,  The  Wholesale  Club.  Mott  promoted  her 
to  vice  president  in  1999.  Dillman  launched  Wal-Mart’s  controversial  RFID 
initiative.  She  was  named  to  Fortune's  “50  Most  Powerful  Women  in  Busi¬ 
ness”  list  four  years  in  a  row  and  is  now  Wal-Mart’s  EVP  of  risk  manage¬ 
ment,  benefits  and  sustainability. 

Charlie  McMurtry 

McMurtry  spent  his  early  career  alongside  Mott  at  Wal-Mart,  working  in 
applications  development.  He  was  instrumental  in  the  development  of  Wal- 
Mart’s  first  Supercenter,  according  to  a  press  release  announcing  his  pro¬ 
motion  to  vice  president  in  1999.  McMurtry  reunited  with  Mott  at  HP,  where 
his  responsibilities  include  supply  chain  and  data  warehouse  systems, 
databases  and  product  engineering. 

Sue  Brann 

The  former  “people  director”  for  Mott’s  IT  division  at  Wal-Mart,  Brann 
followed  Mott  to  Dell  and  now  HP.  In  her  current  role  she  is  head  of  IT  plan¬ 
ning,  administration  and  governance.  -T.W. 


50  NOVEMBER  1,  2007  |  www.cio.com 


NetOp 


www.NetOpTech.com 


Take  Control  -  Anytime,  Anywhere 


NetOp  Remote  Control  -  Rernote|/  manage  networks, 
applications  arid  data  using  non-polling  technology  and 


255-bit  encryption. 


NetOp  Netfilter  -  100%  dynamic  text  and  image  web  content 
filter,  that  doesn't  require  maintaining  a  static  black  list. 

NetOp  On  Demand  -  Internet-based/  remote  control  help 
desk  solution  that  doesn't  require  pre-installed  software  and 
doesn't  leave  a  footprint. 

NetOp  Mobile  -  Fast  and  secure  remote  control  system  for 
sharing  information  with  mobile  devices. 


off  Wv\r5 

866-907-2971 
USsales@NetQp. 


iiydiiti'jn  •jj’oiuuUun  cudm  ClD  J 


,w& 


Ana  lysts  say  C 1 0  Ro 1 1  i  n  Ford  m ust 
bring  in  best-of-breed  commercial 
applications,  such  as  Bl  and  price- 
optimization  tools,  that  can  help  it 
compete  with  rising  retail  superstars 
such  as  target,  JCPenney  and  Tesco. 


Cover  Story  |  Customer  Focus 


after  four  years  as  CIO. 

Ford  inherited  an  organization  that  was 
in  the  throes  of  a  bleeding-edge  supply 
chain  experiment,  which  many  analysts 
say  distracted  the  group  from  concen¬ 
trating  on  other  pressing  needs,  such  as 
enabling  Wal-Mart’s  new  merchandising 
strategies.  The  signature  of  the  Dillman  era 
was  her  ambitious  program  to  put  RFID 
tags  on  a  percentage  of  the  products  Wal- 
Mart’s  suppliers  shipped  to  its  distribution 
centers.  The  idea  was  to  streamline  the 
supplier-Wal-Mart  pipeline  and  solve  the 
age-old  out-of-stock  problem.  Unlike  bar 
codes,  RFID  tags  don’t  need  to  be  “seen” 
to  be  tracked,  and  wireless  technologies 
monitoring  RFID-tagged  stock  can  provide 
unprecedented  visibility  into  warehouse 
and  store-shelf  inventories. 

The  initiative,  begun  in  2003,  was 
applauded  for  its  vision,  but  also  criticized 
for  its  technological  shortcomings,  a  lack  of 
a  defined  ROI  and  the  financial  burden  it 
placed  on  suppliers,  many  of  whom  didn’t 
even  know  what  RFID  stood  for,  let  alone 
how  to  implement  it.  Even  now,  it’s  hard  to 
call  RFID  ready  for  prime  time.  A  2007  sur¬ 
vey  by  CompTIA,  the  IT  trade  association, 
found  that  nearly  70  percent  of  surveyed 
organizations  believe  there’s  an  insuf¬ 
ficient  pool  of  RFID  talent  to  hire.  Simon 
Ellis,  the  former  supply  chain  strategy 
director  for  Unilever  North  America,  one 
of  the  eight  Wal-Mart  suppliers  that  joined 
the  company’s  initial  RFID  push,  says  he 
“felt  very  strongly  as  far  back  as  2004  that 
consumer-packaged  goods  was  probably 
an  ill-conceived  early  adopter  industry  for 
RFID.”  Ellis  now  leads  the  supply  chain 
strategies  practice  at  IDC’s  Manufacturing 
Insights  (IDC  is  a  sister  company  to  CIO’ s 
publisher).  “The  margins  are  simply  not  big 
enough,  and  there’s  an  enormous  amount 
of  complexity,”  he  adds. 

Most  suppliers  have  done  the  mini¬ 
mal  amount  of  work  necessary  to  satisfy 
Wal-Mart’s  mandate,  and  their  only  ROI 
is  the  ability  to  keep  Wal-Mart’s  business. 
“[Wal-Mart]  failed  to  work  with  suppliers 
to  establish  a  strong  value  proposition,” 
says  Fontanella.  “They  were  thinking  the 
value  of  RFID  was  self-evident.  Most  sup¬ 
pliers  didn’t  feel  that  way.” 


As  a  result,  Wal-Mart  has  achieved 
less  than  it  hoped.  Only  3  percent  of  the 
company’s  20,000  suppliers  are  reported 
to  be  using  RFID.  And  the  retailer  has 
acknowledged  that  it  failed  to  meet  its 
own  goal  of  deploying  RFID  in  12  of  its  137 
distribution  centers  by  the  end  of  2006. 
Wal-Mart  brass  has  claimed  the  initia¬ 
tive  was  always  focused  more  on  getting 
benefits  from  store-level  RFID  systems, 
rather  than  from  the  distribution  centers 
(in  May,  the  company  reported  RFID  had 
reduced  out-of-stocks  in  stores  by  30 
percent).  But  analysts  dismiss  that  claim. 
“They  thought  that  it  would  grow  much 
faster,”  says  AMR’s  Fontanella. 

Dillman,  the  public  face  of  Wal-Mart’s 
RFID  revolution,  joined  the  retailer  in  1991 
and  became  CIO  in  2002.  When  she  was 
reassigned,  there  was  speculation  that 
Wal-Mart  executives  were  discouraged 
with  the  RFID  project’s  progress.  Ford 
has  affirmed  Wal-Mart’s  commitment 
to  RFID,  although  he  has  also  acknowl¬ 
edged  that  there’s  much  work  to  do.  No 
one  knows  yet  if  the  RFID  project  will, 
in  time,  turn  out  to  be  this  generation’s 
Retail  Link. 

At  the  same  time,  analysts  say,  Ford 
must  turn  his  attention  to  new  solutions 
that  the  business  requires.  The  RFID 
project  “distracted  them  from  the  need  to 
become  more  granular  in  their  merchan¬ 
dising  assortments,”  says  RSR’s  Rosen- 
blum.  While  IT  focused  its  energy  on  the 
supply  chain,  the  business  desperately 


Learn  More 


Read  why  CONTAINING  SUPPLY  CHAIN 
COSTS  WON’T  HELP  CUSTOMER  SERVICE 
at  www.cio. com/article/136750. 

cio.com 


needed  help  with  its  new  product  initia¬ 
tives  and  customer  relationship  strate¬ 
gies.  “The  object  of  the  game  is  to  align 
IT  with  the  business,  and  IT  was  aligned 
with  business  of  the  1990s,”  says  Rosen- 
blum.  “In  2006,  Wal-Mart  decided  that  it 
had  to  shift  its  priorities  and  IT  couldn’t 
jump  fast  enough.” 

It’s  a  Web  2.0  World 

Wal-Mart  is  struggling  to  build  an  online 
presence.  It  ranks  13th  in  Web  sales  vol¬ 
ume  among  retail  businesses,  according 
to  industry  watcher  Internet  Retailer,  even 
though,  according  to  Web  data  analysis 
company  Alexa,  Walmart.com  is  the  third- 
most  popular  retailing  website  based  on 
number  of  users  (behind  Amazon.com  and 
Target.com).  “I  know  that  Wal-Mart  is  not 
as  proud  as  they  would  have  liked  to  have 
been  with  online  retailing,”  says  former 
CIO  Martin.  “The  challenge  is  huge.” 

One  challenge  for  Walmart.com  is 
similar  to  what  it  faces  in  its  stores:  a  dis¬ 
connect  between  what  Wal-Mart  is  selling 
and  what  its  customers  want  to  buy.  If  its 
core,  low-income  shoppers  aren’t  buying 
more  upscale  clothes  and  home  decor 
products  in  the  store,  they’re  unlikely  to 
buy  them  online.  “I  don’t  think  their  origi¬ 
nal  shopper  is  an  online  shopper,”  says 
Rosenblum.  That  means  Wal-Mart  has 
to  market  online  to  new  customers  with 
higher  incomes. 

Edwards  notes  that,  to  date,  Walmart 
.com  “is  not  a  huge  business  for  them.” 
But  it  should  be,  she  says,  because  such 
trends  as  “clicks  leading  to  bricks”  (shop¬ 
pers  researching  online  and  buying  in 
stores)  and  new  forms  of  customer  rela¬ 
tions  and  marketing  are  Internet  based. 
In  fact,  a  multichannel  approach  to  sell¬ 
ing  to  Wal-Mart’s  customers  could  have  a 


52  NOVEMBER  1,  2007  |  www.cio.com 


DO  YOU  KNOW 

WHO  HAS  SHIPPED  2X 
THE  WIRELESS  LAN 
SWITCHES  OF  ANY 
OTHER  COMPANY? 


■  ’ 

XM  •  :  .fc 


M  YOU  DO  NOW. 


MOTOROLA  ENTERPRISE  WLAN 


Depend  on  the  market  share  leader  for  all  your  wireless  LAN  needs. 


•-,/  > '  ,  y  ‘ ;  v  t /• 

motor  old.  cum  WOkswntti'e.s : 

OTOROLA  and  the  Stylized  M  logo  are  leystered  in  the  U  S  Patent  &  Trademark  Office  All  othei  product  or  service  names  are  the  property  of  their  respective  owners  Copyright  ©  1994  2007  Motorola.  fnC  (All  rights  reserved 


Cover  Story 


Customer  Focus 


huge  impact  on  the  bottom  line.  “Anytime 
you  can  get  a  consumer  that  shops  mul¬ 
tiple  channels  with  you,  that  consumer  is 
much  more  loyal  to  your  brand,”  Edwards 
observes.  For  example,  she  notes  that 
Nordstrom  customers  who  shop  in  mul¬ 
tiple  channels  spend  four  times  as  much 
with  the  upscale  retailer  as  single-channel 
shoppers.  “I  would  be  surprised  if  the  same 
was  not  true  for  Wal-Mart,”  she  says. 

Last  year,  according  to  an  internal  Wal- 
Mart  marketing  report  obtained  by  corpo¬ 
rate  critic  WakeUpWalMart.com,  GSD&M 
Advertising,  a  marketing  and  media  con¬ 
sultancy,  urged  Wal-Mart  to  start  utilizing 
online  marketing  strategies  such  as  blogs 
to  reinforce  the  values  of  its  brand  (such  as 
its  no-hassle  return  policy)  and  promote 
its  new  products  (including  high-end  con¬ 
sumer  electronics  such  as  HD  TVs). 

Wal-Mart  seems  to  have  taken  GSD&M’s 
advice.  With  a  revamp  of  the  site  in  late 
2006,  Wal-Mart  introduced  several  new 
features,  among  them  the  ability  for  cus¬ 
tomers  to  review  and  rate  products. 

That’s  key  for  Wal-Mart.  According  to 


a  recent  opinion  poll  conducted  by  market 
researcher  Vizu  and  Bazaarvoice,  nearly 
80  percent  of  U.S.  shoppers  consider  it 
important  to  read  customer  reviews  before 
making  a  purchase.  A  Bazaarvoice  spokes¬ 
person  confirms  that  Wal-Mart  is  one  of  its 
clients,  but  says  the  company  is  bound  not 
to  talk  about  its  relationship.  Nevertheless, 
the  fact  that  Wal-Mart  is  trying  to  promote 
community  among  its  customers  suggests 
executives  recognize  the  need  for  change. 

More  evidence  can  be  found  in  the 
August  debut  of  Wal-Mart’s  Roommate 
Style  Match  group  on  Facebook,  the  popu¬ 
lar  social  networking  website  that  caters  to 
34  million  teenagers  and  college  students. 
Wal-Mart’s  hope  was  that  college  students 
would  talk  up  and  buy  back-to-school  prod¬ 
ucts  via  Facebook  and  Walmart.com.  Some 
of  the  early  Facebook  comments,  however, 
had  less  to  do  with  futons  and  pillowcases 
than  with  unionizing  Wal-Mart  workers 
and  the  death  of  small  U.S.  businesses. 
Typically,  such  comments  would  put  Wal- 
Mart  on  the  defensive.  This  time,  a  company 
spokesperson  told  Reuters:  “We  recognize 


that  we  are  facilitating  a  live  conversation, 
and  we  know  that  in  any  conversation,  espe¬ 
cially  one  happening  online,  there  will  be 
both  supporters  and  detractors.” 

Despite  the  negative  feedback  from 
Facebook  users,  this  new  attempt  to  play 
in  the  fields  of  Web  2.0  has  so  far  gone 
more  smoothly  than  Wal-Mart’s  summer 
2006  foray.  Then,  Walmart.com  tried  to 
emulate  MySpace,  another  social  network¬ 
ing  site,  to  engage  its  teenage  customers. 
Critics  bashed  Wal-Mart’s  creation,  The 
Hub,  for  closely  monitoring  the  site  and 
using  “fake  kids  who  talked  about  the 
clothes  they  were  buying  at  Wal-Mart,” 
according  to  Techdirt.com,  a  corporate 
intelligence  and  analysis  website.  “The 
G-rated  site  with  limited  functionality 
had  all  the  makings  of  a  politician  wear¬ 
ing  a  backwards  baseball  cap  in  a  bid  to 
win  the  youth  vote,”  it  wrote.  Wal-Mart 
quietly  shut  down  the  site  that  October, 
just  10  weeks  after  launch. 

Meanwhile,  Wal-Mart.com  has  gained 
success  with  a  new  online  service  called 
Site  to  Store,  which  allows  customers  to 


Think  Globally,  But  Let  Managers  Act  Locally 

In  a  networked  world,  big  companies  need  systems  that  distribute  decision  making 


Wal-Mart  has  historically  run  its  operations  from  its  Benton- 
vi Me,  Ark.,  headquarters.  But  many  management  experts  say 
the  command-and-control  approach,  which  leaves  little  deci¬ 
sion  making  to  local  store  managers,  won’t  cut  it  in  today’s 
partner-driven  world. 

When  you  are  big  and  global,  there  are  “more  vulnerabili¬ 
ties  and  points  of  disruption”  to  your  operations,  says  Hau 
Lee,  the  Thoma  professor  of  operations,  information  and 
technology  at  Stanford  University’s  Graduate  School 
of  Business.  Companies  have  to  adjust  by  balancing 
local  flexibility  with  centralization. 

For  example,  if  a  shipment  is  delayed  in  a  foreign 
country,  local  managers  are  in  a  better  position  to 
respond  than  managers  back  at  headquarters.  Lee 
says:  "The  important  task  of  information  systems  design 
is  to  allow  those  local  actions  and  decision  making.  But  the 
local  actions  and  decisions  that  are  made  must  come  back  to 
the  centralized  system.”  Top  execs  still  need  to  know  what’s 
going  on,  after  all. 


For  retailers,  enabling  local  decision  making  gives  store  man¬ 
agers  the  ability  to  react  to  what’s  selling  and  work  with  its  sup¬ 
pliers  more  efficiently,  says  Bobby  Cameron,  a  principal  analyst 
at  Forrester  Research.  Store  managers  can  "continuously  shift 
the  product  mix  in  specific  stores  and  in  specific  classes  of 
neighborhoods  to  reflect  each  location’s  particular  retail  inter¬ 
ests,”  Cameron  notes. 

Analysts  attribute  Wal-Mart’s  retreat  from  South  Korea 
and  Germany  to  an  insistence  on  doing  business  the 
Wal-Mart  way.  Cameron  says  Europeans  may  not 
have  wanted  to  adopt  Wal-Mart’s  IT  standards 
because  they  prefer  industry  standards  and  com¬ 
mon  interfaces  that  work  for  different  business 
process  models. 

It  is  now  a  global  conversation,”  Cameron  says. 

"And  as  a  company  like  Wal-Mart  becomes  part  of  global 
networks— and  no  longer  is  the  dominant  player  that  tells  every¬ 
body  what  to  do— they  are  more  brokers  than  in  command.” 

-TW. 


54  NOVEMBER  1,  2007  |  www.cio.com 


WHEN  INFORMATION  AVAILABILITY  MATTERS 


SunGard.  Setting  new  standards  for 
information  Availability  by  delivering 
a  range  of  solutions  that  meet  your 
specific  availability  objectives.  Flexible 
enterprise  wide  solutions  from  IT 
management  to  AdvancedRecoverySM. 
2,500  experts.  Three  decades  of 
experience.  100%  successful 
recovery  track  record. 

To  see  how  SunGard  can  help 
improve  your  IT  availability  stop 
by  www.availability.sungard.com 
or  call  800-871-5857  today. 


SUNGARD*  Ssrri 

Availability  Services  Connected 1‘ 

680  East  Swedesford  Road,  Wayne  PA  19087 
800-468-7483  |  www.availability.sungard.com 


{TO  SEE  THE  TOP  SEVEN  ROADBLOCKS  COMPANIES  FACE  IN  ACHIEVING  INFORMATION  AVAILABILITY 


AND  FIND  OUT  HOW  TO  AVOID  THEM  VISIT  WWW.AVAILABILITY.SUNGARD.COM/IA. 


Cover  Story  |  Customer  Focus 


With  a  revamp  of  its  website  in  2006, 
Wal-Mart  introduced  the  ability  for 
customers  to  review  and  rate  products. 
The  fact  that  Wal-Mart  is  trying  to  promote 
community  among  its  customers  suggests 
executives  recognize  the  need  for  change. 


order  products  from  Walmart.com  and 
have  them  shipped  to  their  local  Wal-Mart 
store  for  free.  (Other  retailers,  including 
Best  Buy  and  Circuit  City,  already  offer 
this  service.)  During  the  four-month 
rollout  that  began  in  March,  more  than 
500,000  units  were  shipped  via  Site  to 
Store,  saving  customers  more  than  $5 
million  in  shipping  fees.  More  than  50 
percent  of  orders  came  from  customers 
making  their  first  Walmart.com  purchase, 
according  to  Wal-Mart.  “Customers  are 
clearly  responding  to  the  idea  of  purchas¬ 
ing  online  items  that  are  not  available  in 
our  Wal-Mart  stores,”  said  Mike  Smith, 
Walmart.com’s  senior  director  of  opera¬ 
tions,  in  a  press  release. 

IT’s  role  in  facilitating  this  customer¬ 
centric  endeavor  is  critical— especially 
because  Walmart.com  has  been  knocked 
for  customer  service.  In  ForeSee  Results’ 
2006  “Top  40  Online  Retail  Satisfac¬ 
tion  Index,”  Walmart.com  ranked  33rd 
in  terms  of  customer  satisfaction  among 
online  holiday  shoppers,  and  its  overall 
score  was  unchanged  from  2005. 

Wal-Mart  IT’s  Customer- 
Focused  Agenda 

There’s  no  magic  to  what  CIO  Ford  must 
do  to  help  Wal-Mart  execute  its  new 
merchandising  strategies  and  goals  for 
growth,  say  analysts.  First,  IT  should 
move  ahead  with  its  nascent  plan  to  adopt 
best-of-breed  retail  technologies  where 
these  can  quickly  benefit  the  business. 

For  example,  Wal-Mart  is  known  for  its 
ability  to  collect  data.  Now,  analysts  say, 
it’s  imperative  that  IT  enable  merchan¬ 
disers  and  buyers  to  use  it  to  make  better 
decisions. 

“We  know  retailers  collect  this  informa¬ 
tion  and  we  know  that  Wal-Mart  throws 
it  out  on  Retail  Link,”  says  Rosenblum. 
“But  mashing  it  up  and  actually  coming 
out  with  intelligent  merchandising  deci¬ 
sions  based  on  that  is  the  next  wave.” 

Retailers  are  known  to  prefer  home¬ 
grown  systems,  Rosenblum  says,  and 
Wal-Mart  is  no  exception— especially 
given  its  size.  “They  were  just  too  big  to 
run  a  lot  of  this  packaged  stuff,”  she  says. 
Recently,  however,  the  major  software 


vendors,  including  HP,  IBM  and  Oracle, 
have  developed  sturdier  applications  that 
could  scale  up.  Earlier  this  year,  Wal-Mart 
implemented  Oracle’s  retail  price  optimi¬ 
zation  application  and  HP’s  Neoview  data 
warehousing  platform  to  crunch  the  data 
Wal-Mart  collects  in  its  4,000  U.S.  stores. 
(Neither  vendor  would  divulge  any  details 
of  its  respective  partnerships.) 

The  Oracle  tool  is  going  to  be  impor¬ 
tant,  say  analysts,  if  Wal-Mart  continues 
to  expand  its  presence  in  the  higher-end 
apparel  market,  where  products  have 
shorter  lifecycles.  The  price-optimization 
application  will  allow  Wal-Mart  to  under¬ 
stand  when  to  mark  down  clothes  that  are 
not  selling.  Edwards  says  Wal-Mart  had 
trouble  last  year  moving  some  of  its  more 
upscale  apparel.  “Cheaper  clothing  isn’t 
enough  anymore— it  needs  to  be  cheaper 
and  stylish,”  she  says.  “Having  good  sys¬ 
tems  and  data  gathering  isn’t  enough.  A 
retailer  must  be  able  to  interpret  it  and  act 
on  it  appropriately.” 

HP’s  Neoview  tool  can  provide  BI  data 
derived  from  all  kinds  of  customer  pur¬ 
chasing  information,  which  in  turn  can 
help  Wal-Mart  stock  its  stores  based  on 
what  sells  locally,  says  Rosenblum.  (To 
find  out  why  enabling  local  decision  mak¬ 
ing  is  important  for  global  companies, 
read  “Think  Globally,  But  Let  Managers 
Act  Locally,”  Page  54.) 

IT  can  do  little  about  some  negative 
aspects  of  customer  service  that  have  caused 
analysts  to  question  Wal-Mart’s  practices: 
messy  stores,  curt  cashiers  and  poorly 
stocked  shelves.  Judging  customer  service 
can  be  subjective,  admits  analyst  Edwards, 
but  she  says  Wal-Mart  has  not  kept  pace 
with  competitors  such  as  Target  and  Costco. 
“Up  until  very  recently,  Wal-Mart  seemed 
to  believe  that  low  prices  were  all  that  mat¬ 


tered,”  she  notes.  “A  quick  walk  through 
the  shoe  department,  for  example,  would 
have  convinced  you  that  a  bomb  had  gone 
off,  throwing  shoes  everywhere.  Shelves 
weren’t  well  stocked.  The  store  was  dirty, 
the  bathrooms  especially.  And  the  checkout 
lines  were  legendary— not  in  a  good  way.” 

But  IT  can  help  with  some  retailing 
basics  that,  according  to  Sahir  Anand,  an 
analyst  at  Aberdeen  Group,  Wal-Mart  has 
had  trouble  with  of  late:  ensuring  that  POS 
systems  are  continually  updated,  that  price 
checkers  and  interactive  kiosks  are  up  and 
running  at  all  times,  that  checkout  experi¬ 
ences  are  speedy,  and  that  associates  are 
ready,  willing  and  able  to  guide  and  moti¬ 
vate  customers  to  use  all  these  tools. 

“Technology  and  customer  service  go 
hand  in  hand,”  Anand  says.  “Only  when 
in-store  customer-service  tools  are  work¬ 
ing  properly  will  customers  see  Wal-Mart 
as  responsive.” 

Wal-Mart’s  future  success  depends 
upon  IT’s  ability  to  deliver  the  applica¬ 
tions  and  systems  that  the  giant  needs  to 
compete  today— just  as  it  did  a  decade  or 
two  ago.  Rosenblum  says  that  although  the 
current  IT  regime  hasn’t  directly  contrib¬ 
uted  to  Wal-Mart’s  troubles,  “it  is  fair  to  say 
they  didn’t  anticipate  the  shift  [in  retail¬ 
ing].  And  they  didn’t  realize  that  [retail 
software]  and  hardware  had  matured 
enough  to  where  it  could  support  them.” 

Now,  more  than  ever,  Wal-Mart  has 
to  tap  into  Sam  Walton’s  legendary  gump¬ 
tion,  his  knack  for  seeking  out  partners 
when  he  needed  expertise  he  didn’t 
have,  and  rely  on  some  of  those  good  ol’ 
“computers.”  BEI 


Senior  Writer  Thomas  Wailgum  can  be  reached 
at  twailgum@cio.com.  To  comment  on  this 
story  go  to  www.cio.com/article/143451. 


56  NOVEMBER  1,  2007  |  www.cio.com 


mmmtm 


Location  intelligence  can  tell  you  precisely  How  and  where  to  grow.  How  to  add  more  wow 
to  customer  service.  Even  how  to  make  your  operations  more  efficient,  and  your  offerings 
more  differentiated.  To  start  listening,  talk  to  the  location  intelligence  professionals  at 
Pitney  Bowes  Maplnfo.  Through  comprehensive  software,  expansive  data  sets,  expert  consulting 
and  support,  we  help  your  entire  organization  leverage  the  unique  power  of  location-centric 
information  for  better,  more  informed  decisions.  See  what  location  intelligence  tells  you. 

Be  Location  Intelligent® 

See  how  location  intelligence  drives  key  business  decisions.  Download 
Location  Intelligence:  The  New  Geography  of  Business  at  mapinfo.com/location4 

. 

©2007  Pitney  Bowes  Maplnfo  Corporation.  All  rights  reserved.  Maplnfo  and  the  Maplnfo  logo  are  trademarks  of  Pitney  Bowes  Maplnfo  Corporation. 


FIND  NEW 
MARKETS 
HERE. 


FROM  MORE  EFFICIENT  OPERATIONS  TO  HIGHER  ROI, 
YOU  CAN  LEARN  A  LOT  FROM  LOCATION. 


Emerging  Technology  |  Q&A 


Ifthere's 
anyone  out 
there  who 
understands 
the  impact 
of  consumer 
technology 
on  the 
enterprise, 
it’s  gotta  be 
Google  CIO 
Douglas 
Merrill. 


BY  ABBIE  LUNDBERG 


Douglas  Merrill  doesn’t  look  like  the  standard 
model  information  executive.  If  you  were  to  walk 
into  a  CIO  gathering  and  find  Merrill  there,  you 
might  take  him  for  a  hip  entrepreneur  or  a  musi¬ 
cian  come  to  perform.  He  has  earrings.  More  than 
a  few.  And  long,  unruly  hair.  He  wears  bright  T- 
shirts  and  jeans. 


Reader  ROI 

::  How  consumer  tech 
changes  business 
relationships 

::  Why  CIOs  will  have 
to  get  even  more 
technologically  savvy 

::  How  to  think  about 
security  in  a  heteroge¬ 
neous  environment 


You  also  wouldn’t  think  CIO  if  you  were  introduced  to  Merrill 
through  his  CV.  His  degrees  are  in  social  and  political  organization 

(undergrad)  and  psychology  (master’s  and  doctorate  from  Princeton).  He’s  worked  as  an  informa¬ 
tion  scientist  for  the  RAND  Corporation  (leveraging  his  training  in  cognitive  and  social  science); 
he  led  a  security  practice  at  Pricewaterhouse;  and  at  Charles  Schwab,  in  addition  to  the  more 
traditional  IT  responsibilities  of  information  security  and  infrastructure,  he  was  responsible  for 
HR  strategy  and  operations.  He’s  credited  with  engineering  Google’s  2004  IPO. 

But  when  you  talk  to  Merrill  about  technology  and  its  role  in  business  and  life,  when  you  start 
to  understand  the  way  he  thinks,  after  a  while  you  start  to  think,  well,  that’s  exactly  the  way  a 
CIO  in  2007  should  think. 

Merrill  views  technology  primarily  as  a  tool  to  enhance  people’s  creativity  and  productivity,  and  one 
that  can  help  them  solve  their  problems.  His  guiding  principle  in  IT  management  is  “choice,  not  control.” 


58  NOVEMBER  1,  2007  |  www.cio.com 


PHOTO  BY  THOMAS  BROENING 


Douglas  Merrill:  ” I  can  let 

an  employee  work  on  a 
Mac  because  it  makes  him 
10  percent  more  productive 
That  outweighs  the  cost 
advantage  I  get  from 
uniformity.” 


mm 


Emerging  Technology  |  Q&A 


“Companies  had  really  big  fences  around  their  technology 
and  nobody  went  through  the  fence  except  at  Checkpoint  Charlie,  and 
everybody  had  guns  and  it  sort  of  felt  like  East  Berlin— very  scary. 

That’s  the  tech  world  we  grew  up  in."  -douglas  merrill 


Despite  having  grown  up  professionally  in 
the  era  of  highly  structured  enterprise  sys¬ 
tems,  he  runs  a  highly  reliable  and  secure 
enterprise  on  a  pretty  unstructured,  hetero¬ 
geneous,  much  more  organic  model. 

Four  years  ago,  Merrill  joined  Google 
as  senior  director  of  information  systems, 
responsible  for  internal  engineering  and 
worldwide  support.  CIO  Editor  in  Chief 
Abbie  Lundberg  recently  spoke  with 
him  on  the  Google  campus  about  current 
trends  in  information  technology  and  the 
impact  they  are  having  on  the  way  organi¬ 
zations  think  about  and  manage  IT. 

CIO:  How  is  your  approach  to  running 
IT  different  from  the  traditional  model? 
Douglas  Merrill:  Some  of  the  side  effects 
of  the  era  we  grew  up  in,  when  enterprise 
technology  was  highly  siloed,  highly 
focused  on  heavy  business  process  design 
(“You  vill  do  vat  this  software  tells  you”), 
that  model  of  the  world  yielded  incredible 
economic  returns.  The  downside  was  you 
had  to  be  relatively  controlling  as  a  CIO. 
[You  told  people,]  “You’re  going  to  use  this 
kind  of  infrastructure;  you’re  going  to  use 
these  kinds  of  servers;  the  end  points  are 
going  to  look  like  this.  ” 

Then  we  applied  that  thinking  to  secu¬ 
rity  threats  and  we  said  the  best  way  to 
manage  security  is  to  have  everything 
look  the  same— and  hey,  look,  it  also  has 
this  other  side  effect:  It  tends  to  have  lower 
costs;  you  get  this  really  nice  cycle  yield¬ 
ing  perfect  uniformity. 

But  if  you  look  at  natural  organisms, 
few  develop  naturally  to  complete  unifor¬ 
mity.  Very  few  birds  look  the  same.  The 
consumerization  trend  exposes  the  orga¬ 
nization  to  additional  diversity— diversity 
of  the  end  point. 

We’ve  changed  the  way  we  think  about  IT 
here.  We  don’t  have  to  drive  for  uniformity. 
Our  systems,  which  basically  are  consumer 
systems,  have  to  run  on  the  end  points.  The 
side  effect  of  that  is  I  can  let  a  particular 


employee  work  on  a  Mac  because  it  makes 
him  10  percent  more  productive.  That  pro¬ 
ductivity  advantage  outweighs  the  minor 
cost  advantage  I  get  from  uniformity. 

Google  information  systems  believes 
in  choice,  not  control.  The  goal  of  choice 
is  to  let  your  talent  express  their  talent  in 
the  most  effective  way  they  can. 

Many  years  of  team  dynamics  studies 
show  that  diverse  teams  tend  to  do  more 
complete  searches  of  the  problem  space 
and  yield  better,  more  creative  answers.  It 
seems  strange  to  recognize  that  you  need 
diversity  of  talent  to  solve  these  problems, 
then  try  to  force  that  diversity  into  a  fun¬ 
nel  of  uniformity. 

What  impact  are  consumer  applications 
having  on  the  enterprise? 

The  most  interesting  developments  in 
IT  are  being  done  in  consumer  applica¬ 
tions,  not  business  applications.  The  best 
engineers  are  going  there.  And  consumer 
requirements  are  so  high  now  in  terms  of 
stability,  quality  and  reliability,  that  con¬ 
sumer  applications  are  just  as  good  as  most 
business  applications— in  fact,  sometimes 
better.  Google’s  uptime  is  many,  many, 
many  nines,  and  we’re  a  consumer  appli¬ 
cation.  Most  of  the  manufacturing  and 
trading  applications  I’ve  been  associated 
with  in  my  career  have  a  lower  uptime  than 
Google.com.  So  something  has  changed. 
This  idea  that  consumer  requirements 
are  the  equal  of  business  requirements 
changes  the  way  that  we  CIOs  consume 
and  build  software  for  the  future.  The 
benefit  (if  I  can  figure  out  a  way  to  use  it)  is 
that  there’s  lots  of  great  consumer  software 
lying  around.  All  the  reasons  I  couldn’t  use 
it  before  no  longer  apply. 

So  what’s  the  problem? 

The  consumerization  of  IT  changes  the  way 
people  like  me  do  our  jobs  in  many  ways. 
Suddenly,  all  the  rules  have  changed.  Soft¬ 
ware  developers  don’t  exactly  know  who 


to  listen  to;  CIOs  don’t  exactly  know  who 
to  buy  from,  and  VCs  and  board  members 
don’t  exactly  understand  how  to  value  the 
companies  we’re  getting  involved  with. 
Everything’s  in  flux.  If  your  job  is  to  limit 
risk,  that’s  a  horrible  world  to  live  in  because 
it’s  all  risky.  Of  course,  there’s  risk  in  a  good 
sense,  because  without  risk  there  can  be  no 
return.  The  problem  is,  I  don’t  know  how 
to  model  it.  We  understand  the  monetiza¬ 
tion  models  used  by  enterprise  software;  we 
don’t  yet  understand  the  models  for  this. 

There’s  this  interesting  inflection  point 
going  on.  It’s  very  difficult  for  classic  CIOs 
and  classic  IT  organizations  to  understand 
how  to  respond  in  the  best  way  to  this 
consumerization  of  IT.  Something  might 
be  good  for  their  employees  but  bad  for 
their  cost  structure.  It  might  be  great  for 
their  cost  structure  but  bad  for  their  risk 
management  structure.  It  might  be  really 
good  to  get  good  engineers  but  very  hard 
to  find  ways  to  do  certifications  or  provide 
traditional  controls.  The  world  looks  very 
different  across  a  variety  of  fields  that  view 
what  they  do  as  risk  management. 

How  will  this  change  IT  and  business 
leadership? 

During  the  next  10  to  15  years,  you’ll  find 
increased  technical  focus  at  the  tops  of  IT 
organizations  and  at  the  tops  of  companies, 
because  the  nature  of  risk  management  is 
changing  from  clean  cost  flow  across  tech¬ 
nology  to  clean  talent  flow  into  technology, 
which  is  a  very  different  thing  to  manage. 

In  the  first  [mainframe-based]  wave  of 
IT,  the  technology  person  reported  to  the 
CFO;  the  CFO  probably  didn’t  have  e-mail; 
[managing  IT]  was  purely  a  numbers  exer¬ 
cise.  In  the  second  wave  of  enterprise  soft¬ 
ware,  the  CIO  probably  came  up  through 
the  tech  function,  increasingly  reported 
to  the  CEO,  and  most  of  the  C-suite  folks 
had  e-mail.  Networks  tended  to  be  closed; 
business  relationships  were  not  usually 
technically  facilitated.  Fundamentally,  if 


60  NOVEMBER  1,  2007  |  www.cio.com 


EXECUTIVE 

VIEWPOINT 


ADVERTISEMENT 


A  New  Kind  of  Threat 

CIOs  turn  to  endpoint  security  to  defend  against 
new  breed  of  hackers 


Kevin  Murray 

SENIOR  DIRECTOR,  ENDPOINT  SECURITY 

Kevin  is  responsible  for  worldwide  strategic  planning  and  marketing  for 
Symantec's  Endpoint  Security  products  group.  Prior  to  re-joining  Symantec  in 
2003,  he  held  a  variety  of  management  positions  at  AOL-Time  Warner, 

Trend  Micro  and  Symantec. 


New  threats  have  CIOs  looking  at  infor¬ 
mation  security  in  a  new  way.  “Today’s 
hackers  don’t  care  about  notoriety,”  says 
Kevin  Murray  of  Cupertino,  Calif  .-based 
Symantec  Corp.  “They  care  about  money, 
which  makes  them  more  dangerous  than 
ever.”  Read  on  to  find  out  how  CIOs  are 
shoring  up  their  endpoint  defenses. 

What's  different  about  today's  security 
threat  landscape? 

Certainly,  the  shift  from  noisy  threats  to 
silent  or  highly  targeted  threats  is  major. 
What  once  was  an  innocent  hacker 


showing  off  his  savvy  is  now  a  highly 
organized,  adept  criminal  who  is  far  more 
interested  in  financial  gain  and  stealth. 
What’s  more,  threats  are  increasing  in 
number— as  the  technology  used  to  au¬ 
tomate  the  creation  of  variants  becomes 
more  readily  available— and  in  severity 
because  hackers  have  become  much 
more  polished  and  refined  in  what  they’re 
trying  to  accomplish. 

What  bottom-line  impact  has  this  had 
on  how  CIOs  think  about  security? 

Such  changes  in  the  threat  landscape 
have  definitely  impacted  the  way  CIOs 
must  look  at  their  security  strategies. 
Breaches,  for  example,  can  impact  any 
company’s  bottom  line— sometimes  ir¬ 
reparably.  Very  few  brands  can  survive  the 
damage  to  customer  confidence  that  can 
result  from  something  like  that.  So  securi¬ 
ty  must  be  steps  ahead  of  the  hacker,  and 


that’s  forcing  CIOs  to  look  at  appropriate 
proactive  measures  in  addition  to  their 
existing  responsive  measures. 

How  are  enterprises  successfully  rally¬ 
ing  against  new-generation  threats? 

The  key  word  for  rallying  against  these 
threats  is  control.  Take,  for  example, 
application  control.  When  it  comes 
to  managing  applications,  one  of  our 
customers  was  spending  $2  million  an¬ 
nually  in  network  outages  while  another 
was  forced  to  re-image  100  PCs  a  week 
to  keep  up— both  due  to  unauthorized 


applications.  So  it’s  important  for  CIOs  to 
understand  what’s  in  their  environment. 
Another  area  of  focus  is  device  control. 
Businesses  must  ensure  that  trusted  in¬ 
siders  don’t  become  ‘untrusted.’  Consider 
a  database  administrator  who,  with  all  his 
privileges,  can  easily  download  sensitive 
data  onto  an  MP3  player.  Additionally, 
network  access  control  is  increasingly  be¬ 
ing  integrated  into  core  endpoint  security 
strategies.  This  means  various  groups 
within  IT  must  come  together  to  solve 
problems  differently. 

What  should  CIOs  look  for  in  an 
endpoint  security  solution? 

Integration  is  a  key  component  in  today's 
defensive  strategies.  Historically,  endpoint 
security  was  solved  with  multiple  solu¬ 
tions.  But  now,  a  multiple-vendor  strategy 
at  the  endpoint  may  no  longer  be  viable. 
CIOs  really  like  the  idea  of  an  integrated 


endpoint  security  solution,  especially 
one  that  figures  in  network  access  control. 
They  already  have  the  basis  for  stopping 
the  known  attacks,  so  they’re  looking  for 
integrated  technologies  that  give  them 
more  control  and  protection  against 
unknown  attacks.  And  CIOs  aren’t  just 
looking  to  protect  the  business  against 
new  threats,  but  also  to  manage  costs  and 
drive  down  complexity.  So  as  vendors  add 
more  defensive  components,  it’s  critical 
that  the  burden  on  the  endpoint  and  the 
administrator  be  minimized. 

How  will  endpoint  security  technology 
evolve  into  the  future? 

With  all  this  integration  comes  a  need  for 
renewed  focus  on  performance.  Meaning, 
if  you  are  going  to  combine  technologies, 
you  must  make  sure  that  it  doesn’t  add 
burden  or  slow  the  system  down.  CIOs 
will  continue  to  set  their  strategies  to 
make  sure  data  is  safe  wherever  it  goes, 
whatever  device  is  used.  So  working  with 
a  vendor  that’s  been  there,  sees  future 
trends,  and  is  committed  to  developing 
security  technologies  will  continue  to  be 
very  important. 


FOR  MORE  INFORMATION: 

Check  out  the  white  paper,  "A  unified. 
Proactive  Approach  to  Endpoint 
Security,"  at  www.cio.com/ 
whitepapers/symantec/endpoint 

Symantec.. 


[Will 

Custom  Solutions  Group 


“Changes  in  the  threat  landscape  have 
definitely  impacted  the  way  CIOs  must 
look  at  their  security  strategies.” 


Emerging  Technology  |  Q&A 


"I  think  it’s  very  important  for  us  as  technologists,  as  we  step 
into  this  new  era  where  we  are  really  leading  the  business,  to  throw  off  the 
shackles  of  today's  perspective  and  build  the  world  that  we  want  to  live  in.” 

-DOUGLAS  MERRILL 


you  will,  companies  had  really  big  fences 
around  their  technology  and  nobody  went 
through  the  fence  except  at  Checkpoint 
Charlie,  and  everybody  had  guns  and  it 
sort  of  felt  like  East  Berlin— very  scary. 
That’s  the  tech  world  we  grew  up  in. 

Increasingly,  part  of  these  interesting 
consumer  apps  are  these  strange  mash- 
ups  of  lots  of  services  provided  by  lots 
of  organizations.  Suddenly  it  isn’t  clear 
where  your  business  starts  and  another 
business  ends,  and  that  affects  your  con¬ 
tracting  functions  and  your  finance  func¬ 
tions  and  your  legal  and  risk  management 
functions.  So  the  technical  relationships 
between  organizations  are  embodied  in 
the  product.  Consequently,  I  think  you’ll 
see  a  much  higher  degree  of  technical  focus 
in  the  CIO  and  a  higher  understanding  of 
technology  in  business  across  the  C-suite. 

The  distinction  we’ve  all  grown  up  with 
and  that  we’re  all  so  comfortable  with— 
that  there’s  technology  and  there’s  busi¬ 
ness— is  going  to  vanish.  That’s  scary.  For 
those  of  us  in  the  business  now,  how  do  we 
build  our  skills  to  get  ready  for  that? 

Is  there  one  consumer  app  you’d  ban? 

Wow.  I’m  sure  the  answer  to  that  must  be 
yes,  but  off  the  top  of  my  head  I  just  can’t 
think  of  any.  We  really  believe  in  choice,  not 
control,  so  the  number  of  things  employees 
can’t  do  is  pretty  small.  And  then  the  infra¬ 
structure  is  pretty  smart  and  self-healing. 
Our  machines  come  already  imaged  with 
security  controls.  People  can  install  their 
own  software  if  they  want  to.  We  have  lots 
of  remote  access  options,  and  we  assume 
people  will  work  from  cafes,  so  we  do  lots 
to  make  that  possible. 

For  example,  in  the  office  next  to  me 
today  is  one  of  our  directors  from  London. 
He  has  a  young  son  he  misses  intensely. 
Just  a  few  minutes  ago,  he  made  a  quick 
voice-over-IP  call  to  his  wife  with  a  video 
screen  using  a  freeware  product  on  his 
computer. 


How  dependent  is  all  this  on  getting 
the  security  piece  right? 

It’s  very  big.  My  ability  to  do  choice,  not  con¬ 
trol  is  profoundly  affected  by  some  of  the 
changes  in  the  security  model.  Until  very 
recently,  the  average  security  model  was, 
“Thou  shalt  not  talk  to  anyone,”  so  your 
machines  are  wired,  you  can’t  carry  them 
anywhere,  you  can’t  access  your  stuff  from 
home  or  cafes,  the  end  points  are  very  tightly 
locked  down;  if  you  want  to  install  a  piece  of 
software,  you  have  to  ask  someone  else  to 
do  it  for  you— all  because  our  only  way  of 
providing  really  rich  security  was  to  protect 
the  end  point  at  all  costs.  The  problem  was 
that  all  this  didn’t  actually  protect  us. 

Over  time  we  figured  out  that  the  only 
way  to  get  really  ubiquitous  protection  is  to 
protect  the  infrastructure  itself.  It’s  a  bit  like 
the  human  body:  The  skin  is  a  really  impor¬ 
tant  part  of  preventing  infection  but  the 
skin’s  not  impervious,  so  you  have  a  bunch 
of  other  mechanisms  to  provide  defense  in 
depth.  I  get  to  provide  choice  for  my  users 
because  I  focus  on  defense  in  depth— lots 
of  different  things  in  the  infrastructure  and 
the  applications  that  protect  themselves. 

What  excites  you  about  the  future? 

There  are  so  many  cool  things  out  there.  I 
really  love  some  of  the  interesting  mash- 
ups.  We’re  in  this  interesting  world  of 
content  aggregation.  I’m  so  excited  about 
this  innovation  space. 

Imagine  that  people  could  ask  ques¬ 
tions  of  the  world  around  them  and  get 
back  answers  that  don’t  entirely  match 
their  perspective.  How  terrific  would  it 
be  if  it  were  possible  for  all  of  us  to  read 
what  the  Arabic  newspapers  were  say- 


A  New  World  to  Manage 


How  can  you  manage  IT  in  the  environ¬ 
ment  Douglas  Merrill  describes?  Check 

out  “AN  INTRODUCTION  TO  ENTERPRISE 
2.0”  at  www.cio. com/article/123550 

cio.com 


ing  about  our  operations  in  the  Middle 
East.  How  good  would  it  be  for  the  world 
if  the  democratization  of  information  got 
to  the  place  where  consumers  could  see 
their  own  perspectives,  the  perspectives 
of  those  they  trust  and  the  perspectives 
of  people  who  disagree  with  them  all 
together  and  compare  them. 

What’s  the  greatest  limitation  for 
CIOs  today? 

To  steal  a  quote  from  Eric  Schmidt,  “Never 
bet  against  Moore’s  Law.” 

There  have  been  so  many  times  in 
my  career  when  I’ve  thought,  “That  tool 
would  be  really  cool,”  or,  “If  I  could  find 
a  way  to  help  do  X,  that  would  be  really 
neat,”  but  [then  I  think]  it’s  too  hard  com¬ 
putationally,  we  don’t  have  enough  stor¬ 
age,  we’ll  never  get  the  bandwidth.  There 
were  always  a  thousand  reasons  why  it 
wouldn’t  work.  But  those  reasons  are 
rarely  right. 

I  think  it’s  very  important  for  us  as 
technologists,  as  we  step  into  this  new  era 
where  we  are  really  leading  the  business, 
to  throw  off  the  shackles  of  today’s  per¬ 
spective  and  build  the  world  that  we  want 
to  live  in.  A  world  where  copyright  law 
protects  content  owners  and  gives  them 
the  right  to  get  money  for  their  content— 
and  also  allows  people  to  easily  find  and 
absorb  that  content.  A  world  in  which  you 
can  ask  questions  in  any  language  you 
want.  A  world  in  which  you  can  explore 
an  incredible  amount  of  data  without  hav¬ 
ing  to  be  a  data  visualization  expert  or 
John  Tukey.  Wouldn’t  it  be  great,  as  we’re 
driving  the  next  however-many-years  of 
business,  to  recognize  that  Moore’s  Law 
will  make  many  things  possible?  And  the 
only  real  question  is,  which  things  do  we 
want  to  have  happen?  BE) 


Abbie  Lundberg  is  Editor  in  Chief  of  CIO  Mag¬ 
azine.  To  respond  to  this  story,  go  online  to 
www.cio.com/article/144500. 


62  NOVEMBER  1,  2007  |  www.cio.com 


WILL  YOUR  SKILL  SET  QUALIFY  YOU 

FOR  A  SEAT  AT  THE  EXECUTIVE  TABLE? 


Learn  essential  tips  on  developing  your  career  during  a  free 
web  seminar,  hosted  by  the  CIO  Executive  Council  and 
executive  coach  Dr.  Susan  Bethanis. 


You  will  receive  key  information  on  how  to: 

*Set  realistic  goals  in  your  own  personal  development  plan 
*Recognize  and  leverage  your  strengths 
*Apply  the  nine  executive  competencies  and  assessments 
CIOs  of  the  future  will  need 

*Participate  in  the  Leadership  Advancement  Pathways  program 


Register  at  www.cioexecutivecouncil.com/pathways 

The  first  fifty  registrants  will  receive  Bethanis'  book,  Leadership  Chronicles  of 
Corporate  Sage:  Five  Keys  to  Becoming  a  More  Effective  Leader. 


CIO  Executive  Council 

The  FYofessional  Organization  for  CIOs 


The  CIO  Executive  Council  was  created  by  readers  of  CIO  magazine  and  leaders  within  the 
community  of  CIOs  to  leverage  the  individual  and  collective  strengths  of  its  members  to  serve  as 
unbiased  and  trusted  advisors  to  each  other,  and  to  advance  the  CIO  profession  and  its  role  in 
driving  shareholder  results  for  their  respective  organizations.  Created  by  the  CIO  Executive 
Council,  Leadership  Advancement  Pathways  has  been  created  to  help  rising  stars  in  IT  build 
business  leadership  skills.  This  year-long,  fee-based  program  uses  online  self  and  360-degree 
assessment  tools  and  a  personalized  action  plan  carried  out  through  workshops  taught  by 
CIO  Executive  Council  members. 


Founded  by 


Business 

Technology 

Leadership 


ICIOI 

Exantive  PnvMS 

where  you  need  to  be 


CIO  Executive  Programs  combine  cutting-edge  education  and  networking  opportunities  for 
busy  executives.  Our  programs  attract  the  best  and  brightest  IT  executives  and  our  brand 
is  synonymous  with  the  highest  quality  and  integrity.  These  face-to-face  conferences  are 
regarded  as  the  trusted  networking  resource  for  the  nation’s  CIOs  because  we  know  and 
understand  the  executive  IT  community  better  than  any  other  IT  resource. 


CIO  Leadership  Conference 

May  18-20,  2008 
Sheraton  Boston 
Boston,  Massachusetts 

CIO  &  CSO  Business  Continuity  Forum 

July  15-16,  2008 

Marriott  New  York  at  the  Brooklyn  Bridge 
New  York,  New  York 

CIO  100  Symposium  &  Awards 

August  24-26,  2008 
The  Broadmoor 
Colorado  Springs,  Colorado 

CIO|09  The  Year  Ahead 

November  9-1 1 , 2008 
Loews  Coronado  Bay 
Coronado,  California 


For  more  information 
aod  to  register  visit: 

www.cio.com/executive-programs 
or  call  800-366-0246 


Business  Process  Management 


Why  Maritz  Travel 
revamped  key 
business  processes— 
and  how  business 
and  IT  came  together 
to  make  it  work 

BY  LAURIANNE 
MCLAUGHLIN 


WHEN  RICH  PHILLIPS  became  COO  of  Maritz 
Travel  about  two  and-a-half  years  ago,  he  sat  down  and 
took  a  hard  look  at  the  big  industry  picture. 

It  wasn’t  pretty 

“We  had  some  serious  systemic  issues,”  says  Phillips. 
Post  9/11,  bookings  had  declined  in  every  area  of  the  travel 
industry  but  travel  for  corporate  meetings  and  group  travel— 
Maritz  Travel’s  specialty— had  been  hit  Reader  ROI 
especially  hard.  For  many  companies,  ::  j^°/att°/gegin  a  BPM 
holding  meetings  in  far-flung  locations,  ::  Whv  baseline  metrics 

are  essential  to  success 

flying  employees  around  the  globe  to  ::  why  big  goals  m  bpm 


ILLUSTRATION  BY  PATRICK  BLACKWELL  /  LAUGHING  STOCK 


www.cio.com  |  NOVEMBER  1,  2007  65 


Business  Process  Management 


convention  cities  and  warm-weather  resorts  is  a 
matter  of  choice,  not  a  business  necessity,  and  thus  a 
highly  controllable  expense.  If  a  company  was  going 
to  spend  travel  money,  it  was  going  to  want  more,  a  bet¬ 
ter  return  on  its  investment.  Consequently,  Maritz  had  to 
find  ways  to  innovate  and  grow  in  an  environment  in  which 
its  customers  were  acutely  cost-conscious.  Plus,  Maritz’s 
customers  wanted  new  levels  of  service  and  they  wanted 
them  now,  not  later. 

Phillips,  now  president  of  Maritz  Loyalty  Marketing  (a 
division  that  runs  customer  loyalty  rewards  programs), 
knew  Maritz  had  to  change,  and  change  fast. 

TURNING  THESHIP  AROUND 

It’s  no  small  matter  to  change  business  processes,  let  alone 
change  them  quickly.  The  challenge  becomes  even  greater 
when  you’re  big  and  complex.  Known  as  the  global  leader 
in  its  category,  Maritz  Travel  represents  the  biggest  busi¬ 
ness  unit  in  the  $1  billion-plus  privately-held  Maritz. 
Every  year  it  helps  send  hundreds  of  thousands  of  people 
on  trips  including  conferences  and  incentive  travel  vaca- 


5  Tips  for  BPM  Success 

Maritz  Travel’s  Rich  Phillips  shares  his 
key  concepts  for  BPM  makeovers 

Q  Think  big.  "It’s  critical  that  people  think  about  the  big  picture,” 
says  Phillips.  Don’t  start  with  a  narrow  problem  like  "Our  contracts 
need  to  be  written  faster."  Start  with  "How  do  we  sell?” 

B  Get  business  sponsorship.  And  get  it  at  a  high  level,  “it’s  just 
imperative,”  Phillips  says.  “You  will  run  into  bumps  along  the  way.” 

O  Don’t  forget  the  change  factor.  That's  especially  true  if  your 
company  has  a  culture  that  praises  people  for  solving  problems  in 
idiosyncratic  ways.  "Shifting  to  process  management  as  a  meth¬ 
odology  for  defining  how  a  business  operates  involves  subtle  but 
important  business  shifts,”  says  Phillips.  "People  doing  things 
uniquely  may  not  be  better.  We’re  now  taking  capacity  that  used  to 
be  consumed  fighting  fires  and  focusing  on  customer  issues." 

Q  Plan  to  communicate  and  communicate  the  plan.  Stress 
what  the  process  changes  will  mean  to  customers.  "I  really  encour¬ 
age  business  leaders  to  talk  about  how  they  are  going  to  communi¬ 
cate  the  new  culture. ..and  how  it’s  beneficial  to  clients,"  Phillips  says. 

B  Focus  on  the  end  user.  IT  should  pay  more  attention  to  cus¬ 
tomer  services  than  the  systems  involved  in  the  BPM  revamp. 

“Once  we  had  a  common  purpose,  a  common  strategy,  we  had  a 
sense  of  team  and  kinship,"  Phillips  says.  He  advises  IT  execs  to 
think  through  the  challenges  and  applications  for  the  business  and 
align  the  BPM  effort  with  that.  -L.M. 


tions  (used  to  reward  employees  in  fields  such  as 
sales)  on  every  continent. 

Phillips,  who  started  his  professional  career  with 
10-year  stint  in  IT  at  Citigroup  Mortgage  and  several 
divisions  within  Maritz,  began  his  makeover  effort  with 
a  value-stream  analysis  in  order  to  map  the  business  and 
identify  what  was  working  and  what  wasn’t.  “We  had  some 
process  issues  that  we  needed  to  address,”  he  says.  The  first 
big  one?  “I  had  process  integrity  issues,”  he  says.  “There 
was  no  linkage  from  one  phase  to  the  next”— for  example, 
between  the  sales  and  the  delivery  organizations.  And  he 
needed  to  speed  everything  up.  “The  market  was  shift¬ 
ing.  Our  customers  were  demanding  that  our  cycle  time 
improve,”  he  says. 

Phillips  first  turned  to  a  data  repository  initiative  to 
tackle  the  disconnects  in  the  company  and  to  address  new 
Sarbox-related  compliance  demands.  This  work  led  him  to 
a  business  process  management  (BPM)  revamp  beginning 
in  July  2006. 

Today,  BPM  isn’t  just  a  project  at  Maritz;  it’s  a  way  of  life, 
with  a  continuous  improvement  team  staffed  by  IT  and  busi¬ 
ness-side  execs  churning  out  process-related  changes 
on  a  monthly  basis.  “From  selling  to  billing,  every¬ 
thing  we  do  is  now  touched  by  BPM,”  Phillips  says. 

To  date,  it’s  has  helped  reduce  Maritz’s  SG&A 
(selling,  general  and  administrative  expenses,  better 
known  as  overhead)  by  more  than  10  percent. 

“This  has  allowed  us  to  improve  profitability 
while  simultaneously  increasing  client-facing 
resources  as  a  percent  of  our  total  expenses,”  Phil¬ 
lips  says.  Maritz  has  also  used  these  productivity 
gains  to  accelerate  investment  in  product  innovation 
around  areas  important  to  clients,  including  data 
management  and  compliance. 

His  keys  to  BPM  success?  For  starters,  ensure  a 
tight  IT  and  business  relationship.  And  think  big. 

“I’ve  observed  many  BPM  projects  that  dealt  with 
a  subprocess,  like  recruiting  candidates  or  billing,” 
he  says.  “We  went  wide.  For  example,  we  looked  at 
how  our  organization  delivers  to  clients.  Then  we 
went  deep.” 

If  you  get  bogged  down  in  subprocesses  too 
quickly,  he  warns,  you’ll  miss  your  overall  goals. 

BPM  IN  AN  ERP  ENVIRONMENT 

If  Maritz’s  need  to  change  business  process  quickly 
strikes  a  resonant  chord  with  you,  you’re  not  alone. 
BPM  has  become  one  of  the  most  important  deci¬ 
sions  for  CIOs  and  their  C-level  peers  right  now,  says 
Sharyn  Leaver,  VP  and  Research  Director  at  For¬ 
rester  Research.  Now  that  companies  have  invested 
millions  in  ERP  implementations,  upgrades  and 
overhauls  with  software  vendors  such  as  Oracle 


A 


66  NOVEMBER  1,  2007  |  www.cio.com 


"A  lot  of  vendors  dabble  on  the  side  with  BPM. 

We  looked  at  the  massive  package  vendors  but 

they  weren't  even  close  to  what  we  wanted 

todo."  -MARITZ'S  RICH  PHILLIPS 


and  SAP— and  in  many  cases  have  built 
their  core  business  processes  around  those 
products— they’ve  learned  that  this  kind 
of  software  cannot  be  customized  easily 
or  quickly. 

But  business  will  no  longer  sit  still  for 
long  development  cycles.  Business-side 
execs  simply  demand  that  IT  provide  them 
with  the  ability  to  change  quickly  in  order  to  respond  to 
markets  and  customers  that  also  demand  speedy  change 
and  delivery. 

This  is  not  a  matter  of  one-off  fixes.  “It’s  not  even  just  a 
question  of  how  customizable  the  software  can  be,”  Leaver 
says.  “It’s  about  how  flexible  it  can  be  for  eternity.” 


great  flexibility.  “Accounting  is  the  perfect  example  where 
there  are  no  points  for  creativity,”  she  says. 

“But  for  processes  where  differentiation  can  make  or 
break  the  success  of  a  company,  like  customer  service  or 
order  management,  best  practices  just  aren’t  good  enough 
and  therefore,  static  packaged  apps  alone  aren’t  good 


THE  BENEFITS  OF  QUAD 
COMPLETE  LINE  OF  INTEL® 


Leap  ahead  ' 


-CORE.  NOW  IN  THE 
XEON®  PROCESSORS. 


That’s  why  more  and  more  businesses,  like  Maritz,  are  using 
BPM  software  to  put  a  “wrapper”  around  key  processes. 

What  kinds  of  business  processes  merit  this  approach? 

“Firms  are  using  BPM  to  wrapper  existing  apps  for  pro¬ 
cesses  that  require  a  high  degree  of  flexibility  to  differentiate 
them  from  the  competition,”  Leaver  says.  Some  examples 
include  proposal  generation,  customer  service,  order  man¬ 
agement,  claims  processing  and  new  account  opening;  in 
other  words,  key  processes  that  directly  touch  customers. 

Companies  may  be  able  to  wait  for  their  big- package  ven¬ 
dors  to  “get”  BPM  within  the  next  few  years;  according  to 
Leaver,  those  vendors  are  working  on  it  now.  But  to  truly 
deliver  on  the  flexibility  promise  of  BPM,  the  big  package 
vendors  must  undertake  pretty  massive  architectural  shifts, 
which  will  take  years,  she  says.  Not  all  processes  require 


enough,”  Leaver  says.  “When  it  comes  to  those  differentiat¬ 
ing  processes,  companies  could  easily  get  leapfrogged  by  the 
competition  if  they  wait  for  the  app  vendors  to  ‘get’  BPM.” 

Or  as  Maritz’s  Phillips  puts  it,  “A  lot  of  vendors  dabble  on 
the  side  with  [BPM].  We  looked  at  the  massive  package  ven¬ 
dors  but  they  weren’t  even  close  to  what  we  wanted  to  do.” 

Maritz  couldn’t  wait.  One  of  the  company’s  keys  to  suc¬ 
cess  is  customer  loyalty:  The  company’s  annual  renewal 
rate  tops  90  percent.  Those  loyal  troops  were  demanding 
that  Maritz  get  more  nimble,  and  how  loyal  they’d  remain 
if  Maritz  didn’t  was  an  open  question. 

ALIGNMENT,  AGAIN 

The  initial  push  to  revamp  business  process  at  Maritz 
started  with  the  business  side,  Phillips  says,  “but  we  did  it 


www.cio.com  |  NOVEMBER  1,  2007  67 


Business  Process  Management 


in  partnership  with  sales,  operations  and  IT.”  (Phil-  (  11 
lips  emphasizes  the  importance  of  getting  sales  to  \ 
the  table  from  the  very  beginning.  Remember,  he  \||sl 
says,  it’s  all  about  the  customer.) 

But  at  the  start  of  the  BPM  effort,  Phillips,  like  so  many 
before  him,  had  to  confront  the  seemingly  ubiquitous  and 
frustrating  disconnect  between  the  business  and  IT. 

“IT  wasn’t  siloed,  but  it  was  parallel,”  he  says.  “We 
didn’t  have  a  tight  coupling  between  business  and  IT.” 
It  wasn’t  a  simple  vocabulary  problem;  the  business  just 
had  stopped  communicating  well  with  IT. 

To  begin  fixing  the  disconnect,  Phillips  “spent  a  lot  of 
time  telling  the  story  of  what  challenges  we  faced  and,  more 
importantly,  what  opportunities  we  had.  We  really  got  to 
where  we  had  shared  forums  with  business  leaders,  process 
leaders  and  IT  leaders.  Along  the  way,  we  learned  about  the 
talent  of  the  IT  organization  that  we  could  capitalize  on. 

“We  established  an  organization  called  continuous 
improvement,”  Phillips  says.  “We  put  one  of  our  best  busi¬ 
ness  leaders  in  charge  of  that,  one  I  knew  had  organizational 
credibility  and  respect  and  had  demonstrated  an  ability  to 
collaborate  with  IT.”  This  group  established  regular  meet¬ 
ings  to  discuss  governance  and  key  projects. 

“Having  the  right  person  in  the  right  place... it’s  amazing 
how  things  can  progress  from  there,”  he  says. 


•-y\  Phillips  signed  a  deal  with  Lombardi  Software, 
7  (j  choosing  its  TeamWorks  platform  for  the  BPM 
irr-y  revamp.  Ninety  days  later,  his  team  started  rolling 
out  process  changes. 

AFTER  STRATEGY,  TACTICS 

Remember:  Phillips  believes  that  thinking  big  is  a  key  to 
successful  BPM.  Maritz  starts  with  a  macro  process,  such 
as  selling,  then  tackles  subphases,  such  as  quick  turn¬ 
arounds  on  projects,  contract  building  and  dealing  with 
outside  suppliers.  Phillips  and  his  team  do  major  releases 
every  quarter,  minor  releases  every  month. 

A  major  release  might  address  an  entire  subphase,  “say, 
how  we  link  in  the  participant  management  function,”  Phil¬ 
lips  says.  Maritz’s  participant  management  staffers  book 
the  air  and  hotel  travel,  handle  questions  from  the  people 
attending  the  trip  and  so  on.  “A  minor  release  might  deal 
with  a  portion  of  our  contract  process  or  pricing  process,” 
he  says. 

The  net  for  the  company?  “We  certainly  get  faster,  but 
more  importantly,  we  get  better,”  he  says.  “We  get  repeat¬ 
ability— the  integrity  of  our  delivery  process.” 

“We’re  also  identifying  softer  benefits,”  Phillips  says. 
“It  used  to  be  harder  to  bring  in  employees  to  use  our  new 
systems.  Now  it’s  much  more  intuitive,  and  people  have 


How  to  Pick  Your  BPM  Vendor 


First,  put  the  technology  second 

IF  YOU’RE  WONDERING  why  Maritz 
Travel  chose  Lombardi  Software’s  Team- 
Works  platform  for  its  BPM  revamp, 
rest  assured  it  wasn't  the  technology. 
Accordingto  Maritz’s  Rich  Phillips,  it 
was  because  Lombardi  showed  a  firm 
grasp  of  the  business  strategy  issues. 

The  bad  news  for  IT  execs  is  that 
being  a  software  selection  pro  won’t  help 
you  much  with  your  BPM  projects.  A 
BPM  effort,  as  Motorola  CIO  Patty  Mor¬ 
rison  says,  is  not  about  tools,  it’s  about 
process.  (See  “Put  the  Emphasis  on 
‘P’  for  Process  in  BPM,”  www.cio.com/ 
article/107052 .)  You  can  pick  the  most 
technically  sound  BPM  tool  in  the  world 
but  what  really  makes  BPM  go,  according 
to  Morrison,  is  a  combined  effort  by  IT 
and  business  to  examine  process,  then 
reshape  process  and  culture. 

Phillips  agrees,  saying,  “It's  impor¬ 


tant  to  pick  a  provider  that  really  under¬ 
stands  process  and  transformation  and 
has  an  aligned  road  map. 

"I  know  the  [software]  giants  will 
eventually  figure  this  out,  but  this 
requires  a  different  way  of  thinking,”  he 
adds.  “The  phase  1  implementation  is 
really  irrelevant.  It’s  what  you  learn  from 
phase  1  to  make  phase  2  and  phase  3 
better." 

In  addition  to  Lombardi,  vendors  like 
Savvion  and  Pegasystems  are  helping 
companies  wrap  key  business  processes 
in  software  outside  of  the  core  ERP 
suite,  says  Forrester  Research’s  Sharyn 
Leaver. 

Some  IT  execs  may  wonder  why 
they  should  trust  a  smaller  vendor 
when  addressing  their  company’s  most 
critical  processes  but  the  reality,  Leaver 
says,  is  that  SAP  and  Oracle  may  be  a 


couple  of  years  away  from  being  able  to 
help  you  with  many  aspects  of  BPM. 

SAP’s  new  hosted  ERP  suite  for  mid¬ 
market  customers,  Business  ByDesign, 
has  a  business  process  engine,  she 
notes,  but  that’s  a  brand-new  product. 
Consequently,  you're  not  going  to  get 
feedback  from  peers  on  how  it’s  working 
so  far.  (In  the  end,  Oracle  and/or  SAP 
may  choose  to  acquire  one  of  the  BPM 
expert  companies  in  order  to  boost  its 
prowess  in  that  arena,  she  says.) 

There's  a  comforting  reality  right  now 
for  IT  departments  charged  with  wrap¬ 
ping  key  business  process  using  a  BPM 
platform,  Leaver  notes:  Virtualization 
can  help.  Virtualization,  already  high  on 
the  list  of  most  companies'  technology 
priorities,  lets  IT  safely  simplify  and 
speed  up  development  and  testing  of 
the  BPM  releases.  -L.M. 


68  NOVEMBER  1,  2007  |  www.cio.com 


(intel) 

Maximize  performance  and  responsiveness  with  the  complete 
line  of  Quad-Core  Intel®  Xeon®  processors  for  mainstream  servers. 

Visit  intel.com/xeon  WKfBm 


©2007  Intel  Corporation.  Intel,  the  Intel  logo,  Intel.  Leap  ahead.,  Intel.  Leap  ahead.  Logo,  Intel  Xeon  and  Xeon  inside  are  trademarks  of  Intel  Corporation  in  the  United  States  and  other  countries 


BearingPoint 


Management 

&Technology 

Consultants 


.at  *•  ?' 


The  Risk  of  Lost  Opportunity 

It's  every  bit  as  important  as  the  other  risks  that  threaten  a 
company's  success  — security,  compliance,  credit,  technology, 
operational,  financial,  geopolitical,  market. 

BearingPoint  understands  this.  And  knows  how  to  help  companies 
seize  opportunity  rather  than  run  from  the  risks  surrounding  it. 


That's  why  The  Forrester  Wave:  Risk  Consulting  Services  2Q  2007 
named  us  a  leader  in  risk  consulting: 


“BearingPoint  showed  an  ability  and  willingness  to  move  beyond 
technology  to  focus  on  more  of  the  organizational,  role,  and 
process  issues  for  risk  management." 


Find  out  how  we  can  help  you  seize  the  opportunity  in  risk  at 
www.bearingpoint.com/risk 

We  are  BearingPoint. 

Management  and  Technology  Consultants. 

BearingPoint.com/Results  1 1.866. BRNGPNT 


Business  Process  Management 


"It  used  to  be  harder  to  bring  in  employees  to 
use  our  new  systems.  Now  it's  much  more 
intuitive,  and  people  have  crisper  access 

to  the  right  information  at  the  right  time  to 
do  their  jobs."  -MARITZ’S  RICH  PHILLIPS 


crisper  access  to  the  right  information  at  the  right  time  to 
do  their  jobs. 

The  process  revamp  has  helped  Maritz  staffers  not  only 
find  the  right  information  faster,  but  also  spend  more  time 
on  activities  that  add  value  for  clients,  Phillips  says.  For 
example,  Maritz  historically  has  used  numerous  forms 
throughout  its  travel  program  planning  operation.  “Our 
people  needed  to  find  the  right  forms,  retype  information 
into  these  forms,  distribute  these  forms  [via  e-mail],  then 
ensure  that  form  updates  made  their  way  to  all  of  the  right 
people  [internally,  external  partners,  clients],”  he  says.  Now 
the  company  prepopulates  those  forms.  “We  also  serve  up 
those  forms  to  people  at  the  right  time  to  ensure  process 
integrity  and  timely  information  distribution,”  he  adds.  “In 
addition  to  delivering  better  service,  our  people  are 
freed  up  to  focus  on  incremental  value  delivery,” 
such  as,  he  says,  creative  thinking,  information 
analysis  and  supplier  negotiations. 

“BPM  also  drives  down  end  user  work¬ 
arounds,”  he  says,  noting  that  part  of  his  initial  pitch 
to  other  business  leaders  on  the  need  for  the  BPM  effort  was 
that  the  company  had  a  lot  of  useful  data  hiding  in  spread¬ 
sheets  and  e-mail  because  people  were  working  around 
existing  enterprise  processes.  “It  was  a  real  issue  for  us.” 

A  final  deployment  strategy  that  Phillips  recommends 
is  to  establish  what  he  calls  “distributed  ownership  teams” 
for  a  BPM  revamp.  That  means  having  business  people 
reporting  up  from  the  trenches,  helping  shape  what  needs 
to  happen  in  those  major  and  minor  releases  and  then  help¬ 
ing  communicate  the  benefits  of  the  proposed  changes  for 
customers  back  to  the  work  groups. 

This  arrangement  can  be  thought  of  as  a  change  manage¬ 
ment  best  practice,  eliminating  some  of  the  “us  versus  them” 
tension  endemic  to  any  transformation,  large  or  small.  “We 
all  know  people  in  the  trenches  know  the  most  about  what’s 
working,  where  the  opportunities  are,”  he  says.  “They’ve 
already  established  credibility  with  their  peers,  as  opposed  to 

having  people  pointing 


Tools  You  Can  Use 


Where  can  you  find  BPM  SOFTWARE? 
Check  out  our  market  analysis  at 

www.cio.  com/article/108000. 


cio.com 


to  a  central  group  and 
saying,  ‘Hey,  they  don’t 
understand  us;  they 
don’t  understand  our 
problems.’” 

How  is  the  pro¬ 


cess  revamp  paying  off?  According  to  Phil¬ 
lips,  since  the  BPM  effort  began,  Maritz  has 
improved  its  customer  quality  indicators  while 
reducing  overhead. 

“Some  of  our  cost  ratios  have  improved  between 
8  and  24  percent,”  he  says.  “That’s  important 
since  our  industry  is  becoming  increasingly 
cost-competitive.” 

Overall,  he  notes,  Maritz’s  process  is  now  “keyed 
more  to  where  parts  are  in  the  pipeline  than  to  people.”  This 
helps  him  spot  trouble  more  quickly.  “I  can  see  cycle  time 
issues  and  reduce  time  to  clients,”  says  Phillips. 

MEASUREMENT  IS  EVERYTHING 

The  BPM  work  at  Maritz  won’t  be  finished  anytime  soon; 
this  is  a  project  without  an  end  date. 

“We  continue  to  add  subprocesses  and  refine  subpro¬ 
cesses.  I’m  a  believer  in  iterative  improvement.  We  get  a 
payoff  from  every  phase.” 

As  for  measuring  and  evaluating  those  improvements, 
that’s  where  Phillips  advises  CIOs  and  COOs  to  be  careful. 
Phillips  now  says  he  wishes  he  had  established  key  metrics 
and  ways  to  capture  the  information  earlier  in  the  project. 

“We  plowed  ahead  fast  on  the  process  side,”  he  says.  “I 
should  have  created  ways  to  grab  crisper  benchmarks. 

“Now  we’re  already  on  the  slope  of  improving.  We  didn’t 
have  clear  metrics  that  captured  baseline  performance. 
I’m  thinking  through  linking  process  results  to  business 
results.  If  you  can  do  that,  then  you  get  the  visibility  to  pri¬ 
oritize  your  next  investment.” 

Also  on  Phillips’s  to-do  list:  Maritz  will  look  to  BPM  to 
improve  cash  flow.  “What  we’re  planning  to  do  is  to  make 
people  more  aware  of  the  major  cash  events  within  a  cycle. 
That  just  saves  the  running  around  that  can  occur,”  Phillips 
says.  “We  deal  with  some  pretty  big  checks.” 

Ultimately,  he  says,  Maritz  wants  to  complete  what  he 
calls  the  holy  grail  of  BPM:  “We’d  like  to  link  our  processes 
to  supplier  and  customer  processes.” 

According  to  Forrester’s  Leaver,  that’s  exactly  what  many 
customers  are  demanding— another  reason  BPM  is  rising 
higher  on  CIOs’  agendas. 

Did  Maritz’s  customers  demand  process  links?  Not  in  so 
many  words.  Customers  may  be  unhappy  without  realizing 
that  their  unhappiness  stems  from  the  fact  that  their  pro¬ 
cesses  don’t  match  up  with  a  business  partner’s  processes. 
“What  we  saw  was  pain,”  Phillips  says.  “As  we  tested  the 
story  with  our  clients,  they  were  resoundingly  supportive. 

This  is  a  wave  BPM  can  and  must  address,”  he  says, 
enthusiastically.  BQ 

Technology  Editor  Laurianne  McLaughlin  can  be  reached  at 
lmclaughlin@cio.com.  To  comment  on  this  story,  go  to  the  online 
version  at  www.cio.com/article/141100. 


72  NOVEMBER  1,  2007  |  www.cio.com 


ciency " 
otierit 


k  CENTER 


How  efficient 
is  vour 

enterprise  system? 


xactly  where  you  stand!  Go  online  today  and  find 
lat  your  FREE  Efficiency  Quotient "  rating  is. 


s... 


ose  and  receive  Sk 
of  these  3  -~ 

)  White  Papers 

lin  the  next  90  days  for  FREE! 


Key  Code 

'//www. ape. com/promo  y328x 

89.APCC  x9246  •  FAX:  401.788.2797 


Legendary  Reliability* 


Go  online  and  get  your  FREE  efficiency  rating  today! 

Or  fill  out  this  card  for  the  following  White  Papers: 

□  White  Paper  #114  "Implementing  Energy  Efficient  Data  Centers" 

□  White  Paper  #63  "AC  vs  DC  Power  Distribution  for  Data  Centers" 

□  White  Paper  #113  "Electrical  Efficiency  Modeling  for  Data  Centers" 


□YES! 


Please  send  me  my  FREE  white  papers.  □NO  ,  I'm  not  interested  at  this  time,  but  please  add  me  to  your  mailing  list. 
Name:  Title: 


Company: 

Address: 

Address  2: 

City/Town: 

State: 

Zip: 

Country: 

Phone: 

Fax: 

e-mail: 

I  I  Yes!  Send  me  more  information  via  e-mail  and  sign  me  up  for  APC  PowerNews' e-mail  newsletter.  [Key  Code:  y328x 


What  type  of  availability  solution  do  you  need? 

□  UPS:  0-1 6KVA  (Single-phase)  □  UPS:10-80kVA (3-phase  AC)  □UPS:80+  kVA(3-phase  AC)  DDC  Power 

□  Network  Enclosures  and  Racks  □  Precision  Air  Conditioning  □  Monitoring  and  Management 

□  Cables/Wires  □  Mobile  Protection  □  Surge  Protection  DUPS  Upgrade  □Don't  know 

Purchase  timeframe?  Qcl  Month  Ql-S  Months  Months  Q1  Yr.  Plus 

You  are  (check  1):  □  Home/Home  Office  ^Business  (<1000  employees)  □  Large  Corp.  (>1000  employees) 

□  Gov't,  Education,  Public  Org.  QAPC  Sellers  &  Partners 

©2007  APC  All  rights  reserved  All  trademarks  are  the  property  of  their  respective  owners  EE2A7EB_EN  •  e-mail  esupport®apc  com  •  132  Fairgrounds  Road.  West  Kingston.  Rl  02892  USA 


POSTAGE  WILL  BE  PAID  BY  ADDRESSEE 


APC 

ATTENTION  CRC:  y328x 
132  FAIRGROUNDS  ROAD 
PO  BOX  278 

WEST  KINGSTON  Rl  02892-9920 


How  to  Contact  API 

Call:  1.888.289.APCC  x9246 

Fax:  401.788.2797 

Visit:  http-J/www.apc.  com/proi 

enter  keycode  y328x 


APC 


Legendary  Reliability® 


Introducing  the  revolutionary  Efficient  Enterprise™ 


CAPACITY  MANAGEMENT 


WORLD'S  ONLY 
THERMAL  GUARANTEE 


\ 


Your  service  panel  limits  the  amount  of  power  available. 

Your  budget  limits  the  amount  of  money.  You  have  to  stretch 
every  bit  of  both  as  far  as  you  can.  What  you  need  is  the  APC 
Efficient  Enterprise™ 


Schneider 

Electric 


The  APC  solution  offers  modular  scalability  so  that  you  pay 
only  for  what  you  use;  capacity  management  so  that  you 
know  where  to  put  your  next  server;  and  dedicated  in-row  and 
heat-containment  systems  that  improve  cooling  and  thermal 
predictability.  An  Efficient  Enterprise  earns  you  money  through 
the  pre-planned  elimination  of  waste.  For  example,  simply  by 
switching  from  room-  to  row-oriented  cooling,  you  will  save, 
on  average,  35%  of  your  electrical  costs. 


Our  system  reimburses  you 

Whether  you're  building  a  new  data  center  or  analyzing  the 
efficiency  of  existing  systems,  your  first  step  is  knowing 
where  you  stand.  Take  the  online  Enterprise  Efficiency  Audit 
to  see  how  you  can  reap  the  benefits  of  a  smart,  integrated, 
efficient  system:  more  power,  more  control,  more  profits. 


CLOSE-COUPLED  COOLING 


P  =  Power  Cooling  R  =  Racks 

CONSERVE  POWER 


CONTAIN  THE  HEAT 


Efficiency 

Quotient 


DATACENTER 


How  efficient  is  your 
enterprise  system? 

See  exactly  where  you  stand — take  our 
online  Enterprise  Efficiency  Audit  today! 


Legendary  Reliability 


Visit  www.apc.com/promo  Key  Code  y328x  •  Call  888-289-APCC  x9246  •  Fax  401-788-2797 


©2007  American  Power  Conversion  Corporation  and  MGE  UPS  Systems,  Inc.  All  rights  reserved.  All  APC  trademarks  are  property  of  APC-MGE. 
e-mail:  esupport@apc.com  132  Fairgrounds  Road,  West  Kingston,  Rl  02892  USA  EE2C7A5_EN 


SALES  AND  SERVICES 


CIO  SALES  OFFICES 
President  and  CEO 

Michael  Friedenberg 
508  935-4310 

Publisher 

Bob  Melk- 415  975-2685 
Publisher  Emeritus 

Gary  J.  Beach 
508  935-4202 

EAST  COAST 

Regional  Sales  Manager 

Ellie  St.  Louis 
201 634-2332 

Account  Executive 

Anna  Mkrtchyan 

201634-2331 

Senior  Sales  Associate 

Norma  Tamburrino 
201634-2329 
Fax -201 634-9513 

NEW  ENGLAND/ 
CENTRAL 

Regional  Sales  Manager 

Brett  Ferry 

508  935-4684 

Sales  Operations  Manager 

Dawn  Cora 
508935-4092 
Fax  •  508  879-6063 

SOUTHERN  CALIFORNIA 

Regional  Sales  Manager 

Kevin  Ebmeyer 
415  975-2684 


WEST  COAST 

Regional  Sales  Managers 

Kevin  Ebmeyer 
415  975-2684 
Michelle  Stutsman 
415  975-2686 

CUSTOM  SOLUTIONS 

GROUP 

Vice  President 

Matt  Avery 
508935-4796 

National  Director,  Sales 
Adam  Dennison 
508  935-4087 
Editorial  Director 
Jim  Malone 
Associate  Editor 
Anne  Taylor 
Senior  Project 
Operations 
Manager 
AmyGreenleaf 
Project  Managers 
Karen  Capland, 

Amy  Freeman 

ONLINE  SALES 

Vice  President,  Online  Sales 

Brian  Glynn  •  508  935-4586 

Online  Regional  Sales 
Manager 

Richard  Hartman 
508  935-4487 

Online  Regional  Sales 
Manager,  West 

Sarah  Gaskin 
415  975-2681 


Online  Regional  Sales 
Manager,  Midwest 

Erika  Karr 
415  978-3329 

Manager,  Online 
Account  Services 

Danielle  Tetreault 
508  988-7969 

Online  Account 
Services  Specialist 
Valerie  Sumner 
508988-7877 

Online  Advertising  Spe¬ 
cialist 

Irina  Gabechiia 
508935-4414 

Online  Sales  Associate 

Erin  Sullivan 
415  975-2687 

Online  Account  Services 
Coordinator 

Hayley  Nickerson 
508  988-7819 

LIST  SERVICES 

Contact  Paul  Capone  of  IDG 
List  Services  at  508  370- 
0865  or  pcapone@idglist. 
com. 

For  further  sales 
information: 

www3.cio.com/marketing/ 

sales_contact.html 


CIO  CONTACT 
INFORMATION 

Editorial,  Advertising  and 
Business  Offices: 

CXO  Media  Inc., 

492  Old  Connecticut  Path, 

P.O.  Box  9208, 

Framingham,  MA  01701-9208, 
508  872-0080. 

CIO  (ISSN  0894-9301)  is 
published  semimonthly  and 
as  a  combined  issue  Dec. 
15/Jan.  1  by  CXO  Media  Inc. 
Periodicals  postage  paid  at 
Framingham,  MA,  and  at  addi¬ 
tional  mailing  offices.  Canada 
Publications  Mail  Agreement 
Number  1902075.  CANADIAN 
POSTMASTER:  Please  return 
undeliverable  copy  to  P.O.  Box 
1632,  Windsor,  ON  N9A  7C9. 
Reprints  &  Permissions: 

For  information  about  reprints 
and  copyright  permissions, 
please  contact  Reprint 
Management  Services, 
800-290-5460,  ext.  100, 
cio@reprintbuyer.com. 
Change  of  Address: 

Please  go  to  www.omeda. 
com/custsrv/cio  and  follow 
the  online  instructions. 
Postmaster:  Send  change  of 
address  to  CIO,  P.O.  Box  489, 
Northbrook,  IL  60065-9816. 


Printed  in  the  U.S.A. 


INDEX  OF  COMPANIES  AND  ADVERTISERS 


Page  numbers  refer  to  the  first  page  of  the  article(s)  in  which  the  company  has  a  substantial 
mention.  This  index  is  provided  as  a  service  to  readers.  The  publisher  does  not  assume  any 
liability  for  errors  or  omissions. 


COMPANY  INDEX 

7-Eleven  Inc . 15 

AberdeenGroup  Inc . 45 

Amazon.com  Inc . 45 

American  National  Insurance 

Co . 25 

AMR  Research  . 45 

Aramark  Corp . 25 

Bazaarvoice  Inc . 45 

Blockbuster  Inc . 15 

Brookings  Institution,  The . 30 

Carilion  Clinic . 25 

Charles  Schwab  &  Co.  Inc . 58 

Citigroup . 65 

Covance  Inc . 30 

Cryptography  Research  Inc . 25 

Egon  Zehnder  International . 77 

Evian . 15 

Facebook . 45 

ForeSee  Results . 45 

Forrester  Research  Inc.  ...15, 45, 65 

Getronics . 25 

Google  Inc . 8, 15,  58 

GSD&M  Advertising . 45 

Harvey  Nash  Inc . 15 

Hewlett-Packard  LP . 45 

IBM  Corp . 15 

ICG  Commerce . 30 

I  DC . 15 

iGate  Global  Solutions  Ltd . 15 

IHL  Consulting  Group  Inc . 45 

Linux  Online  Inc . 77 


Lombardi  Software  Inc . 65 

Lotus  Software . 15 

Maritz  Inc . 65 

Mastek . 15 

Microsoft  Corp . 15, 25,  77 

Motorola  Inc . 65 

Mueller  Water  Products  Inc . 15 

MySpace.com . 45 

neolT . 15 

Options  Clearing  Corp.,  The . 77 

Oracle . 45,  65 

Pacer  International  Inc . 30 

Pegasystems  Inc . 65 

Polaris  Industries . 15 

Price  Waterhouse  Coopers . 58 

Procter  &  Gamble . 45 

RAND  Corp . 58 

SAP  AG . 15,65 

Savvion  Inc . 65 

Syntel  Inc . 15 

Target.com  . 45 

Vizu  Corp . 45 

WakeUpWalMart.com . 45 

Wal-Mart  Stores  Inc . 45 

Wentworth  Hauser  and  Violich  ..  45 
Yoh  Services  LLC  . 15 

ADVERTISER  INDEX 

3PAR . 33 

Accenture . 22 

American  Power  Conversion . 73 

BearingPoint  Inc . 40a,  70 


Canon  U.S.A.  Inc . 2 

Capgemini . 44 

Cognos  Inc . 36 

CompuCom  Systems  Inc . 31 

CXO  Media  Inc.  ...24,41,63,64,75 

Dell  Inc . C2 

Digital  Reality  Trust . 13 

Fujitsu . 43 

Hewlett-Packard  Co . 9 

IBM  Corp . 76.78.C3 

Intel  Corp . 67, 69 

Interactive  Intelligence  Inc . 4 

MapInfoCorp . 57 

Marsh . 19 

Microsoft  Corp . 24a,  35 

Microsoft  Corp.  (regional) . 64a 

Motorola  Inc . 53 

NEC  Corp . 21 

NetOpTech  Inc . 51 

Novell  Inc . 17 

Polycom  Inc . 49 

Protiviti  Inc . 7 

RSA  Security  Inc . 28,  29 

Samsung . 14 

SunGard  Availability  Services 

Inc . 55 

Symantec  Corp . 61,  C4 

Tata  Consultancy  Services 

Ltd . 47 

TEKsystems . 11 

Verizon  Wireless . 38 

Xerox  Corp . 27 


LEGAL  NOTICE 

U.S.  Postal  Service  Statement  of  Ownership,  Management  and 
Circulation  (Requester  Publications  Only) 


1.  Publication  Title:  CIO 

2.  Publication  No.:  08949301 

3.  Filing  Date:  September  30,  2007 

4.  Issue  Frequency:  23X/year 

5.  No.  of  Issues  Published  Annually:  23 

6.  Annual  Subscription  Price:  Free  to  qualified  subscribers/AII  other 
in  U.S.  and  Canada  $95:  Foreign  Subscriptions,  $195  U.S. 

7.  Complete  Mailing  Address  of  Known  Office  of  Publication:  492 
Old  Connecticut  Path,  P.O.  Box  9208,  Framingham,  MA  01701-9208 
(Middlesex  County) 

Contact  Person:  Carol  Spach.  Telephone:  (508)  935-4038. 

8.  Complete  Mailing  Address  of  Headquarters  or  General  Business 
Office  of  Publisher:  492  Old  Connecticut  Path,  P.O.  Box  9208. 
Framingham,  MA  01701-9208  (Middlesex  County) 

9.  Full  Names  and  Complete  Mailing  Addresses  of  Publisher,  Editor 
and  Managing  Editor:  Publisher:  Bob  Melk,  492  Old  Connecticut  Path. 
P.O.  Box  9208,  Framingham,  MA  01701-9208.  Editor  in  Chief:  Abbie 
Lundberg,  492  Old  Connecticut  Path,  P.O.  Box  9208.  Framingham,  MA 
01701-9208.  Editor:  David  Rosenbaum,  492  Old  Connecticut  Path,  P.O. 
Box  9208,  Framingham,  MA  01701-9208. 

10.  Owner:  International  Data  Group,  One  Exeter  Plaza,  Boston,  MA 
02116-2851. 

11.  Known  bondholders,  mortgages  and  other  security  holders  owning 
or  holding  1%  or  more  of  total  amount  of  bonds,  mortgages  or  other 
securities:  None. 

12.  Tax  Status:  For  completion  by  nonprofit  organizations  authorized 
to  mail  at  special  rates:  Not  applicable. 

13.  Publication  Title:  CIO 

14.  Issue  date  for  circulation  data  below:  September  15,  2007 

15.  Extent  and  nature  of  circulation: 


ACTUAL  NO.  COPIES  OF  SINGLE  ISSUE 
PUBLISHED  NEAREST  TO  FILING  DATE 


AVG.  NO.  COPIES  EACH  ISSUE  . 
DURING  PRECEDING  12  MONTHS 


A. 


] 


Total  number  of  copies  printed 
(net  press  run) .  148,952  .  .  147,873 

B.  Paid  and/or  requested  circulation 

1.  Individual  paid/requested  mail  sub¬ 
scriptions  stated  on  form  3541  (include 
direct  written  request  from  recipient, 
telemarketing  &  internet  requests  from 
recipient,  paid  subscriptions  including 
nominal  rate  subscriptions,  advertiser's 

proof  copies,  and  exchange  copies)  ....  141,210  .  .  140,920 

2.  Copies  requested  by  employers  for 
dis-tribution  to  employees  by  name  or 

position  stated  on  PS  Form  3541 .  0  . 0 

3.  Sales  through  dealers  and  carriers, 
street  vendors,  counter  sales,  and  other 

paid  or  requested  distribution . 0 . 0 

4.  Requested  copies  distributed  by  other  ... 

mail  classes  through  the  USPS .  783  ....  824 

C.  Total  paid  and/or  requested  circulation 

[sum  of  15b.  (1),  (2).  (3),  and  (4)] .  141,993  .  .  141,744 

D.  1.  Nonrequested  copies  stated  on  PS 
Form  3541  (include  sample  copies, 
requests  over  3  years  old,  requests 
induced  by  a  premium,  bulk  sales  and 
requests  including  Association  requests 
names  obtained  from  business 

directories,  lists  and  other  sources) . 5,370  . 

2.  Nonrequested  copies  distributed  through 
the  USPS  by  other  classes  of  mail  (e.g. 

First  Class  mail,  nonrequestor  copies 
mailed  in  excess  of  10%  limit  mailed  at 
Standard  Mail  or  Package  Services  Rates) .  .  .93.  . 

3.  Nonrequested  copies  distributed  outside 

the  mail  (include  pickup  stands,  trade 
shows,  showrooms  &  other  sources) . 315  . 

E.  Total  nonrequested  distribution 

(sum  of  15d  (1),  (2),  and  (3)) .  5,778  . 

F.  Total  distribution  (sum  of  15c  &  15e) . 147,771. 

G.  Copies  not  distributed . 1,181  . 

H.  Total  (sum  of  15g  and  g) .  148,952 

I.  Percent  Paid  and/or  Requested 

Circulation  (15c/15f  xlOO) . 96.1% . 

I  certify  that  all  information  furnished  on  this  form  is  true  and 
complete.  I  understand  that  anyone  who  furnishes  false  or 
misleading  information  on  this  form  or  who  omits  material  or 
information  requested  on  the  form  may  be  subject  to  criminal 
sanctions  (including  fines  and  imprisonment)  and/or  civil  sanctions 
(including  civil  penalties). 


4,783 


.105 


4,888 

146,632 

1,241 

147,873 

96.7% 


Carol  A.  Spach,  Sr.  VP  Circulation 


74  NOVEMBER  1,  2007  |  www.cio.com 


Knowledge  at  Your  Fingertips 

on  ClO.com’s  White  Paper  Library 


Visit  the  CIO.com  White  Paper  Library  for  case  studies  and  educational  tools, 
searchable  by  IT  categories. 


White  Paper  Topics  Include: 
»  Business  Continuity 
»  Business  Intelligence 
» IT  Management 
»  Mobile/Wireless 
»  Open  Source 
»  Outsourcing 
»  Privacy  &  Security 
»  SOA/Web  Services 
»  Software 
»  Storage 
»  VOIP 


p«rfec( 


- v.iiui0a| 


ww>««in8k‘yl 


'v'u,'y 


Business  Technology  Leadership 


some  see  the  awesome  potential  of  business, 
others  see  innovation  powered  by  IT. 


There’s  almost  nothing  that  business  isn’t  capable  of  accomplishing.  Products  that 
make  our  lives  easier.  Ideas  that  change  the  way  we  work.  Breakthroughs  that  extend 
our  lives.  And  who  hasn’t  witnessed  the  power  of  IT  and  its  seemingly  limitless  ability 
to  achieve  what,  just  a  few  years  ago,  was  thought  to  be  impossible?  What  happens 
when  these  two  forces  are  joined  together?  To  find  out,  go  to  ibm.com/special/cio 


■  The  Strategic  CIO  FULFILLING  THE  ROLE'S  NEW  MANDATE 

By  the  leaders  of  the  CIO  Executive  Council 

No-Boundaries 

Leadership 

Most  CIOs  leverage  their  enterprisewide  view  of  business  operations. 

The  CIO  of  Options  Clearing  Corp.  must  cultivate  industrywide  leadership 
to  succeed  in  a  time  of  unprecedented  growth. 


hen  I  joined  The  Options  Clearing  Corporation 

(OCC)  in  2004,  options  trading  activity  had  reached  3  mil¬ 
lion  contracts  a  day.  Volume  growth  had  been  relatively  flat 
for  a  few  years  in  the  wake  of  the  dotcom  bust,  but  the  economy 
was  improving.  I  had  no  idea  what  was  in  store;  to  get  a  sense  of  what  capacity 
to  plan  for,  I  reached  out  to  the  CIOs  who  worked  with  our  business  partners— 


the  various  options  and  futures  exchanges— to  learn 
how  much  business  they  expected  to  send  our  way. 

We  were  all  grossly  off  the  mark!  We’re  currently 
averaging  slightly  fewer  than  11  million  contracts  a 
day.  And  on  Aug.  16,  we  cleared  nearly  24  million 
contracts  in  one  day,  which  is  our  current  high  vol¬ 
ume  day  record.  OCC  has  a  rule  of  thumb  that  says 
we  will  maintain  enough  processing  capacity  to  han¬ 
dle  twice  the  volume  of  our  most  recent  high-water 
mark,  which  typically  is  two  to  three  times  our  daily 
average.  And  so  we  diligently  prove  out  our  capacity 
objective  with  an  annual  test.  But  even  though  OCC’s 
capacity  management  is  critical  to  the  efficient  opera¬ 
tion  of  the  industry,  this  is  not  enough  to  ensure  that 
the  demand  from  the  ultimate  consumers— those 
who  buy  and  sell  the  contracts— can  be  successfully 
handled  by  everyone  involved  with  processing  each 


transaction.  Each  link  in  the  value  chain  needs  to 
be  strong,  and  our  relationships  across  corporate 
boundaries  make  them  so. 

The  OCC  is  the  financial  guarantor  of  each 
options  transaction,  which  we  process  on  behalf 
of  the  six  different  options  exchanges  and  three 
futures  exchanges  that  comprise  the  U.S.  security 
derivatives  industry.  These  trades  originate  from 
consumers  (retail  customers  and  professional  trad¬ 
ers)  and  come  to  OCC  through  approximately  130 
broker/dealers,  our  clearing  members. 

With  all  these  players  exchanging  data,  and  with 
a  40  percent  compound  annual  growth  rate  in  trad¬ 
ing  volume  since  2004,  operational  performance 
can  get  out  of  sorts  quickly  if  we’re  not  reaching  out 
to  our  clearing  members  and  exchanges  regularly. 
OCC  can’t  finalize  trade  processing  until  we  have  all 


www.cio.com  |  NOVEMBER  1,  2007  77 


we  see  a  bridge  that  connects  the  two. 


When  business  and  IT  are  working  as  one,  costs  go  down.  And  overall  agility  goes, 
well,  through  the  roof.  But  the  best  news  is,  when  you’re  fully  integrated,  you  can 
collaborate  in  new  ways.  New  products  can  be  driven  by  customer  insights.  And 
you  can  quickly  react  to  an  opportunity.  In  short,  you  can  innovate.  Of  course, 
creating  a  collaborative  environment  will  take  some  work.  But  we  know  the  perfect 
person  for  the  job.  To  find  out  more,  go  to  ibm.com/special/cio 


The  Strategic  CIO 


FULFILLING  THE  ROLE'S  NEW  MANDATE 


the  data  from  the  exchanges  and  clear¬ 
ing  members.  Likewise,  they  cannot 
finalize  their  processing  until  OCC  is 
finished  with  its  part  of  the  transaction. 

So  it’s  important  to  be  sure  we  all  have 
the  capacity  to  handle  the  increasing 
volumes  and  also  the  resiliency  to  man¬ 
age  operational  problems  or  disasters  if  or  when  they  happen. 
Therefore,  although  most  CIOs  have  an  overview  of  everything 
within  the  four  walls  of  their  organization,  at  OCC  we  think 
beyond  them,  to  the  industry  as  a  whole. 


Seize  Opportunities  to  Make  Connections 

As  companies  in  other  industries  become  more  dependent  on 
cross-company  operations,  CIOs  will  need  to  increase  their 
collaboration  and  leadership  role  in  their  industries. 

Besides  our  routine  interactions,  we  also  come  together  via 
industry  roundtable  meetings.  OCC  chairs  four  operational 
roundtables  with  the  exchanges  and  clearing  members  each 
year,  as  well  as  three  technology  roundtables  with  the  IT  staff 
from  those  same  companies.  So  I  have  at  least  seven  oppor¬ 
tunities  each  year  to  sit  with  our  suppliers  and  customers  to 
talk  about  operational  and  technology  issues,  new  products, 
efficiency  opportunities  and  more.  These  meetings  help  keep 
everyone  abreast  of  industrywide  issues  and  initiatives.  They 
are  also  very  valuable  in  helping  us  establish  and  build  rela¬ 
tionships  among  our  industry  constituents. 

I  chair  the  technology  roundtables.  The  meeting  coordi¬ 
nator  and  I  come  up  with 


More  CIO  Strategy 


See  videos  of  CIOs  discussing  their 
strategic  role  at  www.cio.com/ 
video/outlookseries.  For  more 
columns  and  tools  on  LEADERSHIP 
COMPETENCIES,  visit 
www.cio.com/cec/strategic_cio/. 

cio.com 


an  agenda  and  circulate  it 
among  the  participants  to 
tailor  it  to  their  interests. 
Sometimes  we’ll  seed  the 
conversations  by  asking 
participants  about  some  hot 
topic,  such  as  Vista  adoption 
or  what  they  think  about 
SOA.  We  have  a  healthy  exchange  of  ideas,  and  we  share  infor¬ 
mation  and  experiences  about  common  points  of  interest. 

These  meetings  have  been  great  for  championing  industry¬ 
wide  issues.  One  example  is  the  industry’s  options  symbols. 
Currently,  every  option  has  a  unique  5-byte  identification  code. 
This  is  the  most  fundamental  data  element  in  our  industry-used 
everywhere  and  in  every  system.  But  it’s  difficult  to  interpret 
and  error-prone  and  simply  not  flexible  enough  to  handle  the 
demands  of  the  industry  in  the  future.  OCC  is  helping  to  coor¬ 
dinate  an  initiative  to  define  a  new,  more  robust  and  easy-to- 
understand  code  that  is  due  to  go  live  in  2009. 


When  you  have  good  relationships,  you  can 
start  asking  tough  Questions.  Then  work 
collectively  to  resolve  potential  problems. 
The  industry  as  a  whole  can  prosper  from 
growth  rather  than  toil  to  survive  it. 


Relationships  Are  Essential 

Strategic  collaboration  and  influence  within  the  industry 
would  not  be  successful  without  the  relationships  that  many 
of  us  in  OCC  have  with  a  lot  of  the  key  people  in  our  industry. 
When  you  have  good  relationships,  you  can  start  asking  tough 
questions  like,  What  happens  if  our  current  volume  grows 
10  times  over  the  next  five  years— what  does  that  mean  for  us 
operationally?  Or  systems-wise?  Then  we  can  leverage  our 
relationships  and  work  collectively  to  resolve  potential  prob¬ 
lems  over  time— and  the  industry  as  a  whole  can  enjoy  and 
prosper  from  growth  rather  than  toil  to  survive  it. 

A  fundamental  step  in  building  relationships  is  to  get 
out  of  the  office  and  meet  with  people.  Every  company  has 
suppliers  and  customers.  When  I  meet  with  people  from  the 
exchanges  and  with  the  clearing  members,  I’ll  ask  what  they 
are  doing  with  new  products,  how  they  are  handling  volume 
growth,  and,  most  important,  if  there  are  any  opportunities 
for  doing  business  better,  cheaper  or  faster. 

When  I  leave  my  office  for  these  meetings,  I  don’t  wear  an  IT 
hat.  It  is  important  to  wear  a  business  hat  outside  your  office 
so  that  you  prompt  discussions  of  business  issues  rather  than 
merely  technology  issues.  That  way  you  can  understand  the 
big  issues  in  your  business  and  theirs,  and  be  able  to  talk  about 
what  help  you  can  provide  to  them  to  help  meet  their  needs. 

Many  of  these  forays  with  customers  yield  new  knowledge 
and  insights.  What  we  learn  may  not  be  directly  reflected  in  a 
project,  but  it  helps  us  gain  insight  into  the  business  or  the  needs 
of  the  customers.  We  discuss  what  we  heard  and  determine  if 
there  is  something  OCC  can  do  to  add  value  to  the  industry.  And 
we  strengthen  our  relationships  with  our  constituents . 

Your  company  may  not  be  the  operational  linchpin  for  your 
entire  industry,  but  I  suspect  that  there  are  many  different  enter¬ 
prises  and  stakeholders  both  upstream  and  downstream  who 
are  depending  on  your  company  and  its  systems.  Ask  yourself, 
Do  I  have  an  opportunity  to  be  an  industry  leader  as  well  as  an 
enterprise  leader?  Put  on  your  business  hat,  get 
out  of  your  office  and  start  collaborating.  LrLU 


John  Von  Stein  is  executive  vice  president  and  CIO 
of  The  Options  Clearing  Corp.  in  Chicago.  He  is  a 
member  of  the  CIO  Executive  Council. 


CIO  (ISSN  0894-9301)  is  published  semimonthly  and  as  a  combined  issue  Dec.  15/Jan.  1  by  CXO  Media  Inc.  Periodicals  postage  paid  at  Framingham.  MA.  and  at  additional  mailing  offices. 
Canada  Publications  Mail  Agreement  Number  1902075.  CANADIAN  POSTMASTER:  Please  return  undeliverable  copy  to  P.0.  Box  1632,  Windsor,  ON  N9A  7C9  Postmaster:  Send  change  of 
address  to  CIO,  P.0.  Box  489.  Northbrook,  IL  60065-9816.  Printed  in  the  U  S.  A. 


www.cio.com  |  NOVEMBER  1,  2007  81 


Integration  of  business  and  IT  isn’t  something  that’s  “hopefully”  accomplished  in 
Q... whenever.  As  one  CEO  put  it,  “It’s  as  important  as  water  is  for  sea  traffic."  And 
since  a  CIO’s  panoramic  view  of  the  business  is  unmatched,  your  role  in  bridging 
this  great  divide  is  critical.  But  how  do  you  actually  do  it?  Where  do  you  start? 


On  the  next  page,  we  begin  to  answer  those  questions.  You’ll  find  insights  from  a 
company  that  has  a  wealth  of  business  process  and  IT  experience.  And  there’s  one 
person  who  can  bring  that  depth  of  knowledge  to  bear  on  your  business.  You.  To 
find  out  more,  go  to  ibm.com/special/cio 


what  makes  you  special? 


The  Strategic  CIO  FULFILLING  THE  ROLE'S  NEW  MANDATE 


What  It  Means  to  Be  Strategic 

Top  performers  influence  the  direction  of  their  companies  and  industries 

BY  REYNOLD  LEWKE  AND  STEVE  KELNER 


The  C-level  competency  of  strategic  orientation  is 
the  ability  to  think  long  term,  strategically,  and 
beyond  one’s  own  area  to  plan  against  larger 
issues.  It  depends  on  complex  thinking  abilities, 
both  analytical  (cause-and-effect  chains)  and  conceptual 
(patterns).  It  isn’t  just  “the  vision  thing”— the  emphasis  is 
on  business  strategy,  not  vivid  images.  The  strategies  must 
incorporate  specific  business  issues,  and  in  many  cases  pro¬ 
pose  action,  or  at  least  be  so  clear  that  anyone  knowing  those 
strategies  can  use  them  to  make  decisions  for  action. 

Basic  performance  in  this  competency  is  understanding 
others’  strategic  priorities  and  appreciating  opportunities 
for  long-term  change.  Moderate  performance  comes  when 
one  begins  to  generate  actual  plans,  translating  from  a  larger 
corporate  or  divisional  strategy  down  to  something  applicable 
to  one’s  own  area.  At  this  point,  to  improve  performance,  an 
executive  must  challenge  or  drive  the  strategy  of  the  larger 
organization,  not  just  that  of  his  or  her  own  area. 

Thereafter,  strategic  orientation  performance  gains  come 
from  the  progressively  greater  scope  of  a  leader’s  strategic 
thought,  so  that  at  the  highest  level,  the  executive  either 
is  developing  a  strategy  that  incorporates  multiple  busi¬ 
nesses  and  integrates  a  complex  variety  of  different  and 
possibly  conflicting  businesses,  or  is  developing  a  strategy 
that  can  transform  the  nature  of  the  business  itself.  For 
The  Options  Clearing  Corp.  Executive  Vice  President  and 
CIO  John  Von  Stein,  the  scope  for  strategy  as  it  relates  to 
operations  and  capability  planning  is  the  whole  options 
industry.  (See  “No-Boundaries  Leadership”  on  Page  77.) 

Are  You  Ready  for  a  Strategic  Orientation? 

Once  you  understand  the  focus  and  scope  of  a  strategic  orien¬ 
tation,  it’s  important  to  consider  your  organization’s  predisposi¬ 
tion  toward  strategic  leadership,  as  well  as  your  own  capability 
to  contribute.  Some  questions  to  consider  include: 

About  the  Organization 

□  Does  the  organization  have  an  articulated  strategy? 

Does  it  make  decisions  based  on  the  strategy? 

□  Is  your  IT  organization  focused  on  the  external  market  and 
measured  with  external  market  metrics?  To  what  extent  is 
your  team  market-driven  versus  technology-driven? 


□  How  complex  is  the  business?  Does  it  include  a  wide  vari¬ 
ety  of  products,  customers  and  business  models?  Is  there 
a  coherent  focus  on  the  direction  of  the  business? 

About  Yourself 

□  Do  you  understand  the  drivers  of  the  business  and  all  the 
different  aspects  of  the  market  that  apply  to  it,  including 
competitors,  history  and  business  priorities? 

□  Do  you  see  your  role  as  formulating  direction,  or  just 
executing  other  people’s  plans? 

□  How  strong  is  your  ability  to  perceive  the  feelings,  beliefs 
and  preferences  of  others?  Can  you  see  a  situation  from 
others’  perspectives,  even  if  you  disagree  with  them? 

□  Do  you  get  energized  by  seeing  a  group  work  together,  or  by 
bringing  new  groups  of  people  together? 


How  Key  Execs  Rate  on  Strategic  Orientation 


CEOs  slightly  outpace  CIOs  in  their  strategic  performance, 
while  CFOs  focus  mainly  on  hitting  goals. 


Executive  behavior  legend 


7  =  Transforms  business  model 
6  =  Redesigns  business  practices 
5  =  Improves  business  practices 
4  =  Drives  to  exceed  goals 
3  =  Driven  by  goals 
2  =  Would  like  to  make  things  better 
1  =  Fulfills  assigned  tasks 

CEO  CiO  CFO 

These  benchmarks  rate  executive  performance  on  a  scale  of  1  to  7.  Plotted 
scores  are  the  average  of  all  scores  from  the  50th  to  85th  percentile  range 
among  executives  rated.  The  data  derives  from  more  than  25,000  executive 
assessments  conducted  by  Egon  Zehnder  International. 

Based  on  the  answers  to  these  questions,  you  can  decide 
how  to  develop  the  skills  that  make  you  strategic.  Thinking 
strategically  takes  hard  work  because  the  tyranny  of  the 
urgent  always  trumps  the  importance  of  longer-term  plan¬ 
ning.  Stay  true  to  the  long  term.  BE! 


Reynold  Lewke  can  be  reached  at  reynold.lewke@ezi.net.  Steve  Kel- 
ner  can  be  reached  at  steve.kelner@ezi.net.  Both  are  senior  consul¬ 
tants  with  Egon  Zehnder  International. 


82  NOVEMBER  1,  2007  |  www.cio.com 


■^we  see  you  taking  the  next  steps  toward  integration. 


Translate  IT  into  “business-ese.”  Before  IT 
and  business  can  converge,  IT  and  business 
must  understand  each  other.  So,  rather  than 
using  techno-speak,  explain  in  business  terms 
how  technology  can  positively  impact  the  orga¬ 
nization  and  give  it  a  competitive  advantage. 


Balance  risk  and  reward.  An  IT  portfolio  should 
balance  “run  the  business”  and  “grow  the  busi¬ 
ness”  projects.  The  “run”  projects  keep  your 
current  business  model  working  efficiently.  The 
“grow”  projects,  while  more  complex,  help  you 
expand  into  new  markets  and  product  lines. 


Take  down  that  wall.  Decisions  on  how  IT  is 
employed  should  be  made  jointly,  by  both  IT 
and  business  decision  makers.  So  the  walls 
between  those  groups  must  be  removed. 
That  way,  it’s  not  “we-they.”  It’s  “us”  using  IT  to 
shape  and  execute  the  business  strategy. 


Gain  a  brand-new  perspective.  Your  entire  IT 
organization  would  benefit  from  working  directly 
with  other  business  units  within  the  organiza¬ 
tion.  Once  your  staff  is  acquainted  with  specific 
business  challenges,  they’re  more  likely  to  know 
how  to  use  technology  to  solve  them. 


Now  you’re  four  steps  closer  to  integration.  The  fifth  step?  Choosing  a  partner.  And  we  can  help 
with  that,  too.  If  you  need  someone  with  extensive  integration  experience,  nobody  even  comes 
close  to  IBM.  Our  team  of  over  100,000  delivery  specialists  has  deployed  thousands  of  business 
and  IT  projects  in  multiple  industries.  And  in  many  countries. 

IBM  experts  use  proven  business  modeling  methodologies  to  help  CIOs  decide  which  IT  processes 
drive  the  most  business  value,  and  which  give  you  the  best  competitive  advantage.  Our  financing 
options  turn  up-front  costs  into  affordable  payments.  And  with  a  range  of  outsourcing  solutions,  you 
can  worry  less  about  running  the  business.  So  you  can  focus  on  growing  the  business.  If  your  goal 
is  driving  growth  and  creating  more  collaboration,  we  have  a  suggestion.  Collaborate  with  us. 


We  interviewed  170  CIOs  and  765 
CEOs.  Want  to  know  what  most  CIOs 
considered  their  greatest  obstacle? 
Find  out  at  ibm.com/special/cio 


what  makes  you  special? 


IBM,  the  IBM  logo,  ibm.com  and  What  Makes  You  Special?  are  registered  trademarks  or  trademarks  of  International  Business  Machines 
Corporation  in  the  United  States  and/or  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of 
others.  ©  Copyright  IBM  Corporation  2007.  All  rights  reserved. 


Your  changing  business  is  connected  to  a  wide  variety  of  computing  devices 

is  connected  to  new  threats  that  attack  those  devices 


is  connected  to  the  power  of  one  comprehensive,  integrated  solution 


to  manage  their  security. 


Symantec  Endpoint  Protection.  The  next  generation  of  security  from  the  leader  in  antivirus. 

New  threats  require  new  means  of  protection.  Antivirus  alone  is  no  longer  enough.  That’s  why  we’ve  combined  our 
proven  security  and  advanced  threat  prevention  technologies  with  our  Network  Access  Control  capabilities  in  a  single 
agent,  managed  by  a  single  console.  Now  you  can  have  maximum  security  in  a  smaller,  less  intrusive  product  that 
makes  it  easier  for  you  to  help  protect  every  endpoint  in  your  company.  Visit  symantec.com/sep 


Symantec, 


Confidence  in  a  connected  world. 


